//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2024 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto-codegenerator.
// DO NOT EDIT.

#if canImport(FoundationEssentials)
import FoundationEssentials
#else
import Foundation
#endif
@_spi(SotoInternal) import SotoCore

extension IAM {
    // MARK: Enums

    public enum AccessAdvisorUsageGranularityType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case actionLevel = "ACTION_LEVEL"
        case serviceLevel = "SERVICE_LEVEL"
        public var description: String { return self.rawValue }
    }

    public enum AssertionEncryptionModeType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case allowed = "Allowed"
        case required = "Required"
        public var description: String { return self.rawValue }
    }

    public enum AssignmentStatusType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case any = "Any"
        case assigned = "Assigned"
        case unassigned = "Unassigned"
        public var description: String { return self.rawValue }
    }

    public enum ContextKeyTypeEnum: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case binary = "binary"
        case binaryList = "binaryList"
        case boolean = "boolean"
        case booleanList = "booleanList"
        case date = "date"
        case dateList = "dateList"
        case ip = "ip"
        case ipList = "ipList"
        case numeric = "numeric"
        case numericList = "numericList"
        case string = "string"
        case stringList = "stringList"
        public var description: String { return self.rawValue }
    }

    public enum DeletionTaskStatusType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case failed = "FAILED"
        case inProgress = "IN_PROGRESS"
        case notStarted = "NOT_STARTED"
        case succeeded = "SUCCEEDED"
        public var description: String { return self.rawValue }
    }

    public enum EncodingType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case pem = "PEM"
        case ssh = "SSH"
        public var description: String { return self.rawValue }
    }

    public enum EntityType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case awsManagedPolicy = "AWSManagedPolicy"
        case group = "Group"
        case localManagedPolicy = "LocalManagedPolicy"
        case role = "Role"
        case user = "User"
        public var description: String { return self.rawValue }
    }

    public enum FeatureType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case rootCredentialsManagement = "RootCredentialsManagement"
        case rootSessions = "RootSessions"
        public var description: String { return self.rawValue }
    }

    public enum GlobalEndpointTokenVersion: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case v1Token = "v1Token"
        case v2Token = "v2Token"
        public var description: String { return self.rawValue }
    }

    public enum JobStatusType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case completed = "COMPLETED"
        case failed = "FAILED"
        case inProgress = "IN_PROGRESS"
        public var description: String { return self.rawValue }
    }

    public enum PermissionsBoundaryAttachmentType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case policy = "PermissionsBoundaryPolicy"
        public var description: String { return self.rawValue }
    }

    public enum PolicyEvaluationDecisionType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case allowed = "allowed"
        case explicitDeny = "explicitDeny"
        case implicitDeny = "implicitDeny"
        public var description: String { return self.rawValue }
    }

    public enum PolicyOwnerEntityType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case group = "GROUP"
        case role = "ROLE"
        case user = "USER"
        public var description: String { return self.rawValue }
    }

    public enum PolicyScopeType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case all = "All"
        case aws = "AWS"
        case local = "Local"
        public var description: String { return self.rawValue }
    }

    public enum PolicySourceType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case awsManaged = "aws-managed"
        case group = "group"
        case iamPolicy = "IAM Policy"
        case none = "none"
        case resource = "resource"
        case role = "role"
        case user = "user"
        case userManaged = "user-managed"
        public var description: String { return self.rawValue }
    }

    public enum PolicyType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case inline = "INLINE"
        case managed = "MANAGED"
        public var description: String { return self.rawValue }
    }

    public enum PolicyUsageType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case permissionsBoundary = "PermissionsBoundary"
        case permissionsPolicy = "PermissionsPolicy"
        public var description: String { return self.rawValue }
    }

    public enum ReportFormatType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case textCsv = "text/csv"
        public var description: String { return self.rawValue }
    }

    public enum ReportStateType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case complete = "COMPLETE"
        case inprogress = "INPROGRESS"
        case started = "STARTED"
        public var description: String { return self.rawValue }
    }

    public enum SortKeyType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case lastAuthenticatedTimeAscending = "LAST_AUTHENTICATED_TIME_ASCENDING"
        case lastAuthenticatedTimeDescending = "LAST_AUTHENTICATED_TIME_DESCENDING"
        case serviceNamespaceAscending = "SERVICE_NAMESPACE_ASCENDING"
        case serviceNamespaceDescending = "SERVICE_NAMESPACE_DESCENDING"
        public var description: String { return self.rawValue }
    }

    public enum StatusType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case active = "Active"
        case expired = "Expired"
        case inactive = "Inactive"
        public var description: String { return self.rawValue }
    }

    public enum SummaryKeyType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accessKeysPerUserQuota = "AccessKeysPerUserQuota"
        case accountAccessKeysPresent = "AccountAccessKeysPresent"
        case accountMFAEnabled = "AccountMFAEnabled"
        case accountPasswordPresent = "AccountPasswordPresent"
        case accountSigningCertificatesPresent = "AccountSigningCertificatesPresent"
        case attachedPoliciesPerGroupQuota = "AttachedPoliciesPerGroupQuota"
        case attachedPoliciesPerRoleQuota = "AttachedPoliciesPerRoleQuota"
        case attachedPoliciesPerUserQuota = "AttachedPoliciesPerUserQuota"
        case globalEndpointTokenVersion = "GlobalEndpointTokenVersion"
        case groupPolicySizeQuota = "GroupPolicySizeQuota"
        case groups = "Groups"
        case groupsPerUserQuota = "GroupsPerUserQuota"
        case groupsQuota = "GroupsQuota"
        case mfaDevices = "MFADevices"
        case mfaDevicesInUse = "MFADevicesInUse"
        case policies = "Policies"
        case policiesQuota = "PoliciesQuota"
        case policySizeQuota = "PolicySizeQuota"
        case policyVersionsInUse = "PolicyVersionsInUse"
        case policyVersionsInUseQuota = "PolicyVersionsInUseQuota"
        case serverCertificates = "ServerCertificates"
        case serverCertificatesQuota = "ServerCertificatesQuota"
        case signingCertificatesPerUserQuota = "SigningCertificatesPerUserQuota"
        case userPolicySizeQuota = "UserPolicySizeQuota"
        case users = "Users"
        case usersQuota = "UsersQuota"
        case versionsPerPolicyQuota = "VersionsPerPolicyQuota"
        public var description: String { return self.rawValue }
    }

    // MARK: Shapes

    public struct AccessDetail: AWSDecodableShape {
        /// The path of the Organizations entity (root, organizational unit, or account) from which an authenticated principal last attempted to access the service. Amazon Web Services does not report unauthenticated requests. This field is null if no principals (IAM users, IAM roles, or root user) in the reported Organizations entity attempted to access the service within the tracking period.
        public let entityPath: String?
        /// The date and time, in ISO 8601 date-time format, when an authenticated principal most recently attempted to access the service. Amazon Web Services does not report unauthenticated requests. This field is null if no principals in the reported Organizations entity attempted to access the service within the tracking period.
        public let lastAuthenticatedTime: Date?
        /// The Region where the last service access attempt occurred. This field is null if no principals in the reported Organizations entity attempted to access the service within the tracking period.
        public let region: String?
        /// The name of the service in which access was attempted.
        public let serviceName: String
        /// The namespace of the service in which access was attempted. To learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.
        public let serviceNamespace: String
        /// The number of accounts with authenticated principals (root user, IAM users, and IAM roles) that attempted to access the service in the tracking period.
        public let totalAuthenticatedEntities: Int?

        @inlinable
        public init(entityPath: String? = nil, lastAuthenticatedTime: Date? = nil, region: String? = nil, serviceName: String, serviceNamespace: String, totalAuthenticatedEntities: Int? = nil) {
            self.entityPath = entityPath
            self.lastAuthenticatedTime = lastAuthenticatedTime
            self.region = region
            self.serviceName = serviceName
            self.serviceNamespace = serviceNamespace
            self.totalAuthenticatedEntities = totalAuthenticatedEntities
        }

        private enum CodingKeys: String, CodingKey {
            case entityPath = "EntityPath"
            case lastAuthenticatedTime = "LastAuthenticatedTime"
            case region = "Region"
            case serviceName = "ServiceName"
            case serviceNamespace = "ServiceNamespace"
            case totalAuthenticatedEntities = "TotalAuthenticatedEntities"
        }
    }

    public struct AccessKey: AWSDecodableShape {
        /// The ID for this access key.
        public let accessKeyId: String
        /// The date when the access key was created.
        public let createDate: Date?
        /// The secret key used to sign requests.
        public let secretAccessKey: String
        /// The status of the access key. Active means that the key is valid for API calls, while Inactive means it is not.
        public let status: StatusType
        /// The name of the IAM user that the access key is associated with.
        public let userName: String

        @inlinable
        public init(accessKeyId: String, createDate: Date? = nil, secretAccessKey: String, status: StatusType, userName: String) {
            self.accessKeyId = accessKeyId
            self.createDate = createDate
            self.secretAccessKey = secretAccessKey
            self.status = status
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case accessKeyId = "AccessKeyId"
            case createDate = "CreateDate"
            case secretAccessKey = "SecretAccessKey"
            case status = "Status"
            case userName = "UserName"
        }
    }

    public struct AccessKeyLastUsed: AWSDecodableShape {
        /// The date and time, in ISO 8601 date-time format, when the access key was most recently used. This field is null in the following situations:   The user does not have an access key.   An access key exists but has not been used since IAM began tracking this information.   There is no sign-in data associated with the user.
        public let lastUsedDate: Date?
        /// The Amazon Web Services Region where this access key was most recently used. The value for this field is "N/A" in the following situations:   The user does not have an access key.   An access key exists but has not been used since IAM began tracking this information.   There is no sign-in data associated with the user.   For more information about Amazon Web Services Regions, see Regions and endpoints in the Amazon Web Services General Reference.
        public let region: String
        /// The name of the Amazon Web Services service with which this access key was most recently used. The value of this field is "N/A" in the following situations:   The user does not have an access key.   An access key exists but has not been used since IAM started tracking this information.   There is no sign-in data associated with the user.
        public let serviceName: String

        @inlinable
        public init(lastUsedDate: Date? = nil, region: String, serviceName: String) {
            self.lastUsedDate = lastUsedDate
            self.region = region
            self.serviceName = serviceName
        }

        private enum CodingKeys: String, CodingKey {
            case lastUsedDate = "LastUsedDate"
            case region = "Region"
            case serviceName = "ServiceName"
        }
    }

    public struct AccessKeyMetadata: AWSDecodableShape {
        /// The ID for this access key.
        public let accessKeyId: String?
        /// The date when the access key was created.
        public let createDate: Date?
        /// The status of the access key. Active means that the key is valid for API calls; Inactive means it is not.
        public let status: StatusType?
        /// The name of the IAM user that the key is associated with.
        public let userName: String?

        @inlinable
        public init(accessKeyId: String? = nil, createDate: Date? = nil, status: StatusType? = nil, userName: String? = nil) {
            self.accessKeyId = accessKeyId
            self.createDate = createDate
            self.status = status
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case accessKeyId = "AccessKeyId"
            case createDate = "CreateDate"
            case status = "Status"
            case userName = "UserName"
        }
    }

    public struct AddClientIDToOpenIDConnectProviderRequest: AWSEncodableShape {
        /// The client ID (also known as audience) to add to the IAM OpenID Connect provider resource.
        public let clientID: String
        /// The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider resource to add the client ID to. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.
        public let openIDConnectProviderArn: String

        @inlinable
        public init(clientID: String, openIDConnectProviderArn: String) {
            self.clientID = clientID
            self.openIDConnectProviderArn = openIDConnectProviderArn
        }

        public func validate(name: String) throws {
            try self.validate(self.clientID, name: "clientID", parent: name, max: 255)
            try self.validate(self.clientID, name: "clientID", parent: name, min: 1)
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, max: 2048)
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case clientID = "ClientID"
            case openIDConnectProviderArn = "OpenIDConnectProviderArn"
        }
    }

    public struct AddRoleToInstanceProfileRequest: AWSEncodableShape {
        /// The name of the instance profile to update. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let instanceProfileName: String
        /// The name of the role to add. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(instanceProfileName: String, roleName: String) {
            self.instanceProfileName = instanceProfileName
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, max: 128)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, min: 1)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case instanceProfileName = "InstanceProfileName"
            case roleName = "RoleName"
        }
    }

    public struct AddUserToGroupRequest: AWSEncodableShape {
        /// The name of the group to update. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let groupName: String
        /// The name of the user to add. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(groupName: String, userName: String) {
            self.groupName = groupName
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.groupName, name: "groupName", parent: name, max: 128)
            try self.validate(self.groupName, name: "groupName", parent: name, min: 1)
            try self.validate(self.groupName, name: "groupName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
            case userName = "UserName"
        }
    }

    public struct AttachGroupPolicyRequest: AWSEncodableShape {
        /// The name (friendly name, not ARN) of the group to attach the policy to. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let groupName: String
        /// The Amazon Resource Name (ARN) of the IAM policy you want to attach. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String

        @inlinable
        public init(groupName: String, policyArn: String) {
            self.groupName = groupName
            self.policyArn = policyArn
        }

        public func validate(name: String) throws {
            try self.validate(self.groupName, name: "groupName", parent: name, max: 128)
            try self.validate(self.groupName, name: "groupName", parent: name, min: 1)
            try self.validate(self.groupName, name: "groupName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
            case policyArn = "PolicyArn"
        }
    }

    public struct AttachRolePolicyRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the IAM policy you want to attach. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String
        /// The name (friendly name, not ARN) of the role to attach the policy to. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(policyArn: String, roleName: String) {
            self.policyArn = policyArn
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyArn = "PolicyArn"
            case roleName = "RoleName"
        }
    }

    public struct AttachUserPolicyRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the IAM policy you want to attach. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String
        /// The name (friendly name, not ARN) of the IAM user to attach the policy to. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(policyArn: String, userName: String) {
            self.policyArn = policyArn
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyArn = "PolicyArn"
            case userName = "UserName"
        }
    }

    public struct AttachedPermissionsBoundary: AWSDecodableShape {
        ///  The ARN of the policy used to set the permissions boundary for the user or role.
        public let permissionsBoundaryArn: String?
        ///  The permissions boundary usage type that indicates what type of IAM resource is used as the permissions boundary for an entity. This data type can only have a value of Policy.
        public let permissionsBoundaryType: PermissionsBoundaryAttachmentType?

        @inlinable
        public init(permissionsBoundaryArn: String? = nil, permissionsBoundaryType: PermissionsBoundaryAttachmentType? = nil) {
            self.permissionsBoundaryArn = permissionsBoundaryArn
            self.permissionsBoundaryType = permissionsBoundaryType
        }

        private enum CodingKeys: String, CodingKey {
            case permissionsBoundaryArn = "PermissionsBoundaryArn"
            case permissionsBoundaryType = "PermissionsBoundaryType"
        }
    }

    public struct AttachedPolicy: AWSDecodableShape {
        public let policyArn: String?
        /// The friendly name of the attached policy.
        public let policyName: String?

        @inlinable
        public init(policyArn: String? = nil, policyName: String? = nil) {
            self.policyArn = policyArn
            self.policyName = policyName
        }

        private enum CodingKeys: String, CodingKey {
            case policyArn = "PolicyArn"
            case policyName = "PolicyName"
        }
    }

    public struct ChangePasswordRequest: AWSEncodableShape {
        /// The new password. The new password must conform to the Amazon Web Services account's password policy, if one exists. The regex pattern  that is used to validate this parameter is a string of characters. That string can include almost any printable  ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF).  You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D)  characters. Any of these characters are valid in a password. However, many tools, such  as the Amazon Web Services Management Console, might restrict the ability to type certain characters because they have  special meaning within that tool.
        public let newPassword: String
        /// The IAM user's current password.
        public let oldPassword: String

        @inlinable
        public init(newPassword: String, oldPassword: String) {
            self.newPassword = newPassword
            self.oldPassword = oldPassword
        }

        public func validate(name: String) throws {
            try self.validate(self.newPassword, name: "newPassword", parent: name, max: 128)
            try self.validate(self.newPassword, name: "newPassword", parent: name, min: 1)
            try self.validate(self.newPassword, name: "newPassword", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.oldPassword, name: "oldPassword", parent: name, max: 128)
            try self.validate(self.oldPassword, name: "oldPassword", parent: name, min: 1)
            try self.validate(self.oldPassword, name: "oldPassword", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case newPassword = "NewPassword"
            case oldPassword = "OldPassword"
        }
    }

    public struct ContextEntry: AWSEncodableShape {
        /// The full name of a condition context key, including the service prefix. For example, aws:SourceIp or s3:VersionId.
        public let contextKeyName: String?
        /// The data type of the value (or values) specified in the ContextKeyValues parameter.
        public let contextKeyType: ContextKeyTypeEnum?
        /// The value (or values, if the condition context key supports multiple values) to provide to the simulation when the key is referenced by a Condition element in an input policy.
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var contextKeyValues: [String]?

        @inlinable
        public init(contextKeyName: String? = nil, contextKeyType: ContextKeyTypeEnum? = nil, contextKeyValues: [String]? = nil) {
            self.contextKeyName = contextKeyName
            self.contextKeyType = contextKeyType
            self.contextKeyValues = contextKeyValues
        }

        public func validate(name: String) throws {
            try self.validate(self.contextKeyName, name: "contextKeyName", parent: name, max: 256)
            try self.validate(self.contextKeyName, name: "contextKeyName", parent: name, min: 5)
        }

        private enum CodingKeys: String, CodingKey {
            case contextKeyName = "ContextKeyName"
            case contextKeyType = "ContextKeyType"
            case contextKeyValues = "ContextKeyValues"
        }
    }

    public struct CreateAccessKeyRequest: AWSEncodableShape {
        /// The name of the IAM user that the new key will belong to. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(userName: String? = nil) {
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case userName = "UserName"
        }
    }

    public struct CreateAccessKeyResponse: AWSDecodableShape {
        /// A structure with details about the access key.
        public let accessKey: AccessKey

        @inlinable
        public init(accessKey: AccessKey) {
            self.accessKey = accessKey
        }

        private enum CodingKeys: String, CodingKey {
            case accessKey = "AccessKey"
        }
    }

    public struct CreateAccountAliasRequest: AWSEncodableShape {
        /// The account alias to create. This parameter allows (through its regex pattern) a string of characters consisting of  lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have  two dashes in a row.
        public let accountAlias: String

        @inlinable
        public init(accountAlias: String) {
            self.accountAlias = accountAlias
        }

        public func validate(name: String) throws {
            try self.validate(self.accountAlias, name: "accountAlias", parent: name, max: 63)
            try self.validate(self.accountAlias, name: "accountAlias", parent: name, min: 3)
            try self.validate(self.accountAlias, name: "accountAlias", parent: name, pattern: "^[a-z0-9]([a-z0-9]|-(?!-)){1,61}[a-z0-9]$")
        }

        private enum CodingKeys: String, CodingKey {
            case accountAlias = "AccountAlias"
        }
    }

    public struct CreateGroupRequest: AWSEncodableShape {
        /// The name of the group to create. Do not include the path in this value. IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".
        public let groupName: String
        ///  The path to the group. For more information about paths, see IAM identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let path: String?

        @inlinable
        public init(groupName: String, path: String? = nil) {
            self.groupName = groupName
            self.path = path
        }

        public func validate(name: String) throws {
            try self.validate(self.groupName, name: "groupName", parent: name, max: 128)
            try self.validate(self.groupName, name: "groupName", parent: name, min: 1)
            try self.validate(self.groupName, name: "groupName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.path, name: "path", parent: name, max: 512)
            try self.validate(self.path, name: "path", parent: name, min: 1)
            try self.validate(self.path, name: "path", parent: name, pattern: "^(\\u002F)|(\\u002F[\\u0021-\\u007E]+\\u002F)$")
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
            case path = "Path"
        }
    }

    public struct CreateGroupResponse: AWSDecodableShape {
        /// A structure containing details about the new group.
        public let group: Group

        @inlinable
        public init(group: Group) {
            self.group = group
        }

        private enum CodingKeys: String, CodingKey {
            case group = "Group"
        }
    }

    public struct CreateInstanceProfileRequest: AWSEncodableShape {
        /// The name of the instance profile to create. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let instanceProfileName: String
        ///  The path to the instance profile. For more information about paths, see IAM Identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let path: String?
        /// A list of tags that you want to attach to the newly created IAM instance profile. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.  If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request  fails and the resource is not created.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?

        @inlinable
        public init(instanceProfileName: String, path: String? = nil, tags: [Tag]? = nil) {
            self.instanceProfileName = instanceProfileName
            self.path = path
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, max: 128)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, min: 1)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.path, name: "path", parent: name, max: 512)
            try self.validate(self.path, name: "path", parent: name, min: 1)
            try self.validate(self.path, name: "path", parent: name, pattern: "^(\\u002F)|(\\u002F[\\u0021-\\u007E]+\\u002F)$")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case instanceProfileName = "InstanceProfileName"
            case path = "Path"
            case tags = "Tags"
        }
    }

    public struct CreateInstanceProfileResponse: AWSDecodableShape {
        /// A structure containing details about the new instance profile.
        public let instanceProfile: InstanceProfile

        @inlinable
        public init(instanceProfile: InstanceProfile) {
            self.instanceProfile = instanceProfile
        }

        private enum CodingKeys: String, CodingKey {
            case instanceProfile = "InstanceProfile"
        }
    }

    public struct CreateLoginProfileRequest: AWSEncodableShape {
        /// The new password for the user. This parameter must be omitted when you make the request with an AssumeRoot session. It is required in all other cases. The regex pattern  that is used to validate this parameter is a string of characters. That string can include almost any printable  ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF).  You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D)  characters. Any of these characters are valid in a password. However, many tools, such  as the Amazon Web Services Management Console, might restrict the ability to type certain characters because they have  special meaning within that tool.
        public let password: String?
        /// Specifies whether the user is required to set a new password on next sign-in.
        public let passwordResetRequired: Bool?
        /// The name of the IAM user to create a password for. The user must already exist. This parameter is optional. If no user name is included, it defaults to the principal making the request. When you make this request with root user credentials, you must use an AssumeRoot session to omit the user name. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(password: String? = nil, passwordResetRequired: Bool? = nil, userName: String? = nil) {
            self.password = password
            self.passwordResetRequired = passwordResetRequired
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.password, name: "password", parent: name, max: 128)
            try self.validate(self.password, name: "password", parent: name, min: 1)
            try self.validate(self.password, name: "password", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case password = "Password"
            case passwordResetRequired = "PasswordResetRequired"
            case userName = "UserName"
        }
    }

    public struct CreateLoginProfileResponse: AWSDecodableShape {
        /// A structure containing the user name and password create date.
        public let loginProfile: LoginProfile

        @inlinable
        public init(loginProfile: LoginProfile) {
            self.loginProfile = loginProfile
        }

        private enum CodingKeys: String, CodingKey {
            case loginProfile = "LoginProfile"
        }
    }

    public struct CreateOpenIDConnectProviderRequest: AWSEncodableShape {
        /// Provides a list of client IDs, also known as audiences. When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. This is the value that's sent as the client_id parameter on OAuth requests. You can register multiple client IDs with the same provider. For example, you might have multiple applications that use the same OIDC provider. You cannot register more than 100 client IDs with a single IAM OIDC provider. There is no defined format for a client ID. The CreateOpenIDConnectProviderRequest operation accepts client IDs up to 255 characters long.
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var clientIDList: [String]?
        /// A list of tags that you want to attach to the new IAM OpenID Connect (OIDC) provider. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.  If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request  fails and the resource is not created.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?
        /// A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificates. Typically this list includes only one entry. However, IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain multiple thumbprints if the identity provider is rotating certificates. This parameter is optional. If it is not included, IAM will retrieve and use the top intermediate certificate authority (CA) thumbprint of the OpenID Connect identity provider server certificate. The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by the domain where the OpenID Connect provider makes its keys available. It is always a 40-character string. For example, assume that the OIDC provider is server.example.com and the provider stores its keys at https://keys.server.example.com/openid-connect. In that case, the thumbprint string would be the hex-encoded SHA-1 hash value of the certificate used by https://keys.server.example.com.  For more information about obtaining the OIDC provider thumbprint, see Obtaining the thumbprint for an OpenID Connect provider in the IAM user Guide.
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var thumbprintList: [String]?
        /// The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. The URL should not contain a port number.  You cannot register the same provider multiple times in a single Amazon Web Services account. If you try to submit a URL that has already been used for an OpenID Connect provider in the Amazon Web Services account, you will get an error.
        public let url: String

        @inlinable
        public init(clientIDList: [String]? = nil, tags: [Tag]? = nil, thumbprintList: [String]? = nil, url: String) {
            self.clientIDList = clientIDList
            self.tags = tags
            self.thumbprintList = thumbprintList
            self.url = url
        }

        public func validate(name: String) throws {
            try self.clientIDList?.forEach {
                try validate($0, name: "clientIDList[]", parent: name, max: 255)
                try validate($0, name: "clientIDList[]", parent: name, min: 1)
            }
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
            try self.thumbprintList?.forEach {
                try validate($0, name: "thumbprintList[]", parent: name, max: 40)
                try validate($0, name: "thumbprintList[]", parent: name, min: 40)
            }
            try self.validate(self.url, name: "url", parent: name, max: 255)
            try self.validate(self.url, name: "url", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case clientIDList = "ClientIDList"
            case tags = "Tags"
            case thumbprintList = "ThumbprintList"
            case url = "Url"
        }
    }

    public struct CreateOpenIDConnectProviderResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider that is created. For more information, see OpenIDConnectProviderListEntry.
        public let openIDConnectProviderArn: String?
        /// A list of tags that are attached to the new IAM OIDC provider. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?

        @inlinable
        public init(openIDConnectProviderArn: String? = nil, tags: [Tag]? = nil) {
            self.openIDConnectProviderArn = openIDConnectProviderArn
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case openIDConnectProviderArn = "OpenIDConnectProviderArn"
            case tags = "Tags"
        }
    }

    public struct CreatePolicyRequest: AWSEncodableShape {
        /// A friendly description of the policy. Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." The policy description is immutable. After a value is assigned, it cannot be changed.
        public let description: String?
        /// The path for the policy. For more information about paths, see IAM identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.  You cannot use an asterisk (*) in the path name.
        public let path: String?
        /// The JSON policy document that you want to use as the content for the new policy. You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM. The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas. To learn more about JSON policy grammar, see Grammar of the IAM JSON policy language in the IAM User Guide.  The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        public let policyDocument: String
        /// The friendly name of the policy. IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".
        public let policyName: String
        /// A list of tags that you want to attach to the new IAM customer managed policy. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.  If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request  fails and the resource is not created.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?

        @inlinable
        public init(description: String? = nil, path: String? = nil, policyDocument: String, policyName: String, tags: [Tag]? = nil) {
            self.description = description
            self.path = path
            self.policyDocument = policyDocument
            self.policyName = policyName
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.description, name: "description", parent: name, max: 1000)
            try self.validate(self.path, name: "path", parent: name, max: 512)
            try self.validate(self.path, name: "path", parent: name, min: 1)
            try self.validate(self.path, name: "path", parent: name, pattern: "^((/[A-Za-z0-9\\.,\\+@=_-]+)*)/$")
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, max: 131072)
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, min: 1)
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.policyName, name: "policyName", parent: name, max: 128)
            try self.validate(self.policyName, name: "policyName", parent: name, min: 1)
            try self.validate(self.policyName, name: "policyName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case description = "Description"
            case path = "Path"
            case policyDocument = "PolicyDocument"
            case policyName = "PolicyName"
            case tags = "Tags"
        }
    }

    public struct CreatePolicyResponse: AWSDecodableShape {
        /// A structure containing details about the new policy.
        public let policy: Policy?

        @inlinable
        public init(policy: Policy? = nil) {
            self.policy = policy
        }

        private enum CodingKeys: String, CodingKey {
            case policy = "Policy"
        }
    }

    public struct CreatePolicyVersionRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String
        /// The JSON policy document that you want to use as the content for this new version of the policy. You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM. The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        public let policyDocument: String
        /// Specifies whether to set this version as the policy's default version. When this parameter is true, the new policy version becomes the operative version. That is, it becomes the version that is in effect for the IAM users, groups, and roles that the policy is attached to. For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.
        public let setAsDefault: Bool?

        @inlinable
        public init(policyArn: String, policyDocument: String, setAsDefault: Bool? = nil) {
            self.policyArn = policyArn
            self.policyDocument = policyDocument
            self.setAsDefault = setAsDefault
        }

        public func validate(name: String) throws {
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, max: 131072)
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, min: 1)
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyArn = "PolicyArn"
            case policyDocument = "PolicyDocument"
            case setAsDefault = "SetAsDefault"
        }
    }

    public struct CreatePolicyVersionResponse: AWSDecodableShape {
        /// A structure containing details about the new policy version.
        public let policyVersion: PolicyVersion?

        @inlinable
        public init(policyVersion: PolicyVersion? = nil) {
            self.policyVersion = policyVersion
        }

        private enum CodingKeys: String, CodingKey {
            case policyVersion = "PolicyVersion"
        }
    }

    public struct CreateRoleRequest: AWSEncodableShape {
        /// The trust relationship policy document that grants an entity permission to assume the role. In IAM, you must provide a JSON policy that has been converted to a string. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)   Upon success, the response includes the same trust policy in JSON format.
        public let assumeRolePolicyDocument: String
        /// A description of the role.
        public let description: String?
        /// The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours. Anyone who assumes the role from the CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see Using IAM roles in the IAM User Guide.
        public let maxSessionDuration: Int?
        ///  The path to the role. For more information about paths, see IAM Identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let path: String?
        /// The ARN of the managed policy that is used to set the permissions boundary for the role. A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see Permissions boundaries for IAM entities in the IAM User Guide. For more information about policy types, see Policy types in the IAM User Guide.
        public let permissionsBoundary: String?
        /// The name of the role to create. IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource". This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String
        /// A list of tags that you want to attach to the new role. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.  If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request  fails and the resource is not created.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?

        @inlinable
        public init(assumeRolePolicyDocument: String, description: String? = nil, maxSessionDuration: Int? = nil, path: String? = nil, permissionsBoundary: String? = nil, roleName: String, tags: [Tag]? = nil) {
            self.assumeRolePolicyDocument = assumeRolePolicyDocument
            self.description = description
            self.maxSessionDuration = maxSessionDuration
            self.path = path
            self.permissionsBoundary = permissionsBoundary
            self.roleName = roleName
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.assumeRolePolicyDocument, name: "assumeRolePolicyDocument", parent: name, max: 131072)
            try self.validate(self.assumeRolePolicyDocument, name: "assumeRolePolicyDocument", parent: name, min: 1)
            try self.validate(self.assumeRolePolicyDocument, name: "assumeRolePolicyDocument", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.description, name: "description", parent: name, max: 1000)
            try self.validate(self.description, name: "description", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]*$")
            try self.validate(self.maxSessionDuration, name: "maxSessionDuration", parent: name, max: 43200)
            try self.validate(self.maxSessionDuration, name: "maxSessionDuration", parent: name, min: 3600)
            try self.validate(self.path, name: "path", parent: name, max: 512)
            try self.validate(self.path, name: "path", parent: name, min: 1)
            try self.validate(self.path, name: "path", parent: name, pattern: "^(\\u002F)|(\\u002F[\\u0021-\\u007E]+\\u002F)$")
            try self.validate(self.permissionsBoundary, name: "permissionsBoundary", parent: name, max: 2048)
            try self.validate(self.permissionsBoundary, name: "permissionsBoundary", parent: name, min: 20)
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case assumeRolePolicyDocument = "AssumeRolePolicyDocument"
            case description = "Description"
            case maxSessionDuration = "MaxSessionDuration"
            case path = "Path"
            case permissionsBoundary = "PermissionsBoundary"
            case roleName = "RoleName"
            case tags = "Tags"
        }
    }

    public struct CreateRoleResponse: AWSDecodableShape {
        /// A structure containing details about the new role.
        public let role: Role

        @inlinable
        public init(role: Role) {
            self.role = role
        }

        private enum CodingKeys: String, CodingKey {
            case role = "Role"
        }
    }

    public struct CreateSAMLProviderRequest: AWSEncodableShape {
        /// The private key generated from your external identity provider. The private key must be a .pem file that uses AES-GCM or AES-CBC encryption algorithm to decrypt SAML assertions.
        public let addPrivateKey: String?
        /// Specifies the encryption setting for the SAML provider.
        public let assertionEncryptionMode: AssertionEncryptionModeType?
        /// The name of the provider to create. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let name: String
        /// An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP. For more information, see About SAML 2.0-based federation in the IAM User Guide
        public let samlMetadataDocument: String
        /// A list of tags that you want to attach to the new IAM SAML provider. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.  If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request  fails and the resource is not created.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?

        @inlinable
        public init(addPrivateKey: String? = nil, assertionEncryptionMode: AssertionEncryptionModeType? = nil, name: String, samlMetadataDocument: String, tags: [Tag]? = nil) {
            self.addPrivateKey = addPrivateKey
            self.assertionEncryptionMode = assertionEncryptionMode
            self.name = name
            self.samlMetadataDocument = samlMetadataDocument
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.addPrivateKey, name: "addPrivateKey", parent: name, max: 16384)
            try self.validate(self.addPrivateKey, name: "addPrivateKey", parent: name, min: 1)
            try self.validate(self.addPrivateKey, name: "addPrivateKey", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.name, name: "name", parent: name, max: 128)
            try self.validate(self.name, name: "name", parent: name, min: 1)
            try self.validate(self.name, name: "name", parent: name, pattern: "^[\\w._-]+$")
            try self.validate(self.samlMetadataDocument, name: "samlMetadataDocument", parent: name, max: 10000000)
            try self.validate(self.samlMetadataDocument, name: "samlMetadataDocument", parent: name, min: 1000)
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case addPrivateKey = "AddPrivateKey"
            case assertionEncryptionMode = "AssertionEncryptionMode"
            case name = "Name"
            case samlMetadataDocument = "SAMLMetadataDocument"
            case tags = "Tags"
        }
    }

    public struct CreateSAMLProviderResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the new SAML provider resource in IAM.
        public let samlProviderArn: String?
        /// A list of tags that are attached to the new IAM SAML provider. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?

        @inlinable
        public init(samlProviderArn: String? = nil, tags: [Tag]? = nil) {
            self.samlProviderArn = samlProviderArn
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case samlProviderArn = "SAMLProviderArn"
            case tags = "Tags"
        }
    }

    public struct CreateServiceLinkedRoleRequest: AWSEncodableShape {
        /// The service principal for the Amazon Web Services service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com.  Service principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see Amazon Web Services services that work with IAM in the IAM User Guide. Look for the services that have Yes in the Service-Linked Role column. Choose the Yes link to view the service-linked role documentation for that service.
        public let awsServiceName: String
        ///  A string that you provide, which is combined with the service-provided prefix to form the complete role name. If you make multiple requests for the same service, then you must supply a different CustomSuffix for each request. Otherwise the request fails with a duplicate role name error. For example, you could add -1 or -debug to the suffix. Some services do not support the CustomSuffix parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix.
        public let customSuffix: String?
        /// The description of the role.
        public let description: String?

        @inlinable
        public init(awsServiceName: String, customSuffix: String? = nil, description: String? = nil) {
            self.awsServiceName = awsServiceName
            self.customSuffix = customSuffix
            self.description = description
        }

        public func validate(name: String) throws {
            try self.validate(self.awsServiceName, name: "awsServiceName", parent: name, max: 128)
            try self.validate(self.awsServiceName, name: "awsServiceName", parent: name, min: 1)
            try self.validate(self.awsServiceName, name: "awsServiceName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.customSuffix, name: "customSuffix", parent: name, max: 64)
            try self.validate(self.customSuffix, name: "customSuffix", parent: name, min: 1)
            try self.validate(self.customSuffix, name: "customSuffix", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.description, name: "description", parent: name, max: 1000)
            try self.validate(self.description, name: "description", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case awsServiceName = "AWSServiceName"
            case customSuffix = "CustomSuffix"
            case description = "Description"
        }
    }

    public struct CreateServiceLinkedRoleResponse: AWSDecodableShape {
        /// A Role object that contains details about the newly created role.
        public let role: Role?

        @inlinable
        public init(role: Role? = nil) {
            self.role = role
        }

        private enum CodingKeys: String, CodingKey {
            case role = "Role"
        }
    }

    public struct CreateServiceSpecificCredentialRequest: AWSEncodableShape {
        /// The number of days until the service specific credential expires. This field is only valid for Bedrock API keys and must be a positive integer. When not specified, the credential will not expire.
        public let credentialAgeDays: Int?
        /// The name of the Amazon Web Services service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.
        public let serviceName: String
        /// The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(credentialAgeDays: Int? = nil, serviceName: String, userName: String) {
            self.credentialAgeDays = credentialAgeDays
            self.serviceName = serviceName
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.credentialAgeDays, name: "credentialAgeDays", parent: name, max: 36600)
            try self.validate(self.credentialAgeDays, name: "credentialAgeDays", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case credentialAgeDays = "CredentialAgeDays"
            case serviceName = "ServiceName"
            case userName = "UserName"
        }
    }

    public struct CreateServiceSpecificCredentialResponse: AWSDecodableShape {
        /// A structure that contains information about the newly created service-specific credential.  This is the only time that the password for this credential set is available. It cannot be recovered later. Instead, you must reset the password with ResetServiceSpecificCredential.
        public let serviceSpecificCredential: ServiceSpecificCredential?

        @inlinable
        public init(serviceSpecificCredential: ServiceSpecificCredential? = nil) {
            self.serviceSpecificCredential = serviceSpecificCredential
        }

        private enum CodingKeys: String, CodingKey {
            case serviceSpecificCredential = "ServiceSpecificCredential"
        }
    }

    public struct CreateUserRequest: AWSEncodableShape {
        ///  The path for the user name. For more information about paths, see IAM identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let path: String?
        /// The ARN of the managed policy that is used to set the permissions boundary for the user. A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see Permissions boundaries for IAM entities in the IAM User Guide. For more information about policy types, see Policy types in the IAM User Guide.
        public let permissionsBoundary: String?
        /// A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.  If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request  fails and the resource is not created.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?
        /// The name of the user to create. IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".
        public let userName: String

        @inlinable
        public init(path: String? = nil, permissionsBoundary: String? = nil, tags: [Tag]? = nil, userName: String) {
            self.path = path
            self.permissionsBoundary = permissionsBoundary
            self.tags = tags
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.path, name: "path", parent: name, max: 512)
            try self.validate(self.path, name: "path", parent: name, min: 1)
            try self.validate(self.path, name: "path", parent: name, pattern: "^(\\u002F)|(\\u002F[\\u0021-\\u007E]+\\u002F)$")
            try self.validate(self.permissionsBoundary, name: "permissionsBoundary", parent: name, max: 2048)
            try self.validate(self.permissionsBoundary, name: "permissionsBoundary", parent: name, min: 20)
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case path = "Path"
            case permissionsBoundary = "PermissionsBoundary"
            case tags = "Tags"
            case userName = "UserName"
        }
    }

    public struct CreateUserResponse: AWSDecodableShape {
        /// A structure with details about the new IAM user.
        public let user: User?

        @inlinable
        public init(user: User? = nil) {
            self.user = user
        }

        private enum CodingKeys: String, CodingKey {
            case user = "User"
        }
    }

    public struct CreateVirtualMFADeviceRequest: AWSEncodableShape {
        ///  The path for the virtual MFA device. For more information about paths, see IAM identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let path: String?
        /// A list of tags that you want to attach to the new IAM virtual MFA device. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.  If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request  fails and the resource is not created.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?
        /// The name of the virtual MFA device, which must be unique. Use with path to uniquely identify a virtual MFA device. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let virtualMFADeviceName: String

        @inlinable
        public init(path: String? = nil, tags: [Tag]? = nil, virtualMFADeviceName: String) {
            self.path = path
            self.tags = tags
            self.virtualMFADeviceName = virtualMFADeviceName
        }

        public func validate(name: String) throws {
            try self.validate(self.path, name: "path", parent: name, max: 512)
            try self.validate(self.path, name: "path", parent: name, min: 1)
            try self.validate(self.path, name: "path", parent: name, pattern: "^(\\u002F)|(\\u002F[\\u0021-\\u007E]+\\u002F)$")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
            try self.validate(self.virtualMFADeviceName, name: "virtualMFADeviceName", parent: name, min: 1)
            try self.validate(self.virtualMFADeviceName, name: "virtualMFADeviceName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case path = "Path"
            case tags = "Tags"
            case virtualMFADeviceName = "VirtualMFADeviceName"
        }
    }

    public struct CreateVirtualMFADeviceResponse: AWSDecodableShape {
        /// A structure containing details about the new virtual MFA device.
        public let virtualMFADevice: VirtualMFADevice

        @inlinable
        public init(virtualMFADevice: VirtualMFADevice) {
            self.virtualMFADevice = virtualMFADevice
        }

        private enum CodingKeys: String, CodingKey {
            case virtualMFADevice = "VirtualMFADevice"
        }
    }

    public struct DeactivateMFADeviceRequest: AWSEncodableShape {
        /// The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. This parameter allows (through its regex pattern) a string of characters consisting  of upper and lowercase alphanumeric characters with no spaces. You can also include any of the  following characters: =,.@:/-
        public let serialNumber: String
        /// The name of the user whose MFA device you want to deactivate. This parameter is optional. If no user name is included, it defaults to the principal making the request. When you make this request with root user credentials, you must use an AssumeRoot session to omit the user name. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(serialNumber: String, userName: String? = nil) {
            self.serialNumber = serialNumber
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, max: 256)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, min: 9)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, pattern: "^[\\w+=/:,.@-]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case serialNumber = "SerialNumber"
            case userName = "UserName"
        }
    }

    public struct DeleteAccessKeyRequest: AWSEncodableShape {
        /// The access key ID for the access key ID and secret access key you want to delete. This parameter allows (through its regex pattern) a string of characters that can  consist of any upper or lowercased letter or digit.
        public let accessKeyId: String
        /// The name of the user whose access key pair you want to delete. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(accessKeyId: String, userName: String? = nil) {
            self.accessKeyId = accessKeyId
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.accessKeyId, name: "accessKeyId", parent: name, max: 128)
            try self.validate(self.accessKeyId, name: "accessKeyId", parent: name, min: 16)
            try self.validate(self.accessKeyId, name: "accessKeyId", parent: name, pattern: "^[\\w]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case accessKeyId = "AccessKeyId"
            case userName = "UserName"
        }
    }

    public struct DeleteAccountAliasRequest: AWSEncodableShape {
        /// The name of the account alias to delete. This parameter allows (through its regex pattern) a string of characters consisting of  lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have  two dashes in a row.
        public let accountAlias: String

        @inlinable
        public init(accountAlias: String) {
            self.accountAlias = accountAlias
        }

        public func validate(name: String) throws {
            try self.validate(self.accountAlias, name: "accountAlias", parent: name, max: 63)
            try self.validate(self.accountAlias, name: "accountAlias", parent: name, min: 3)
            try self.validate(self.accountAlias, name: "accountAlias", parent: name, pattern: "^[a-z0-9]([a-z0-9]|-(?!-)){1,61}[a-z0-9]$")
        }

        private enum CodingKeys: String, CodingKey {
            case accountAlias = "AccountAlias"
        }
    }

    public struct DeleteGroupPolicyRequest: AWSEncodableShape {
        /// The name (friendly name, not ARN) identifying the group that the policy is embedded in. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let groupName: String
        /// The name identifying the policy document to delete. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let policyName: String

        @inlinable
        public init(groupName: String, policyName: String) {
            self.groupName = groupName
            self.policyName = policyName
        }

        public func validate(name: String) throws {
            try self.validate(self.groupName, name: "groupName", parent: name, max: 128)
            try self.validate(self.groupName, name: "groupName", parent: name, min: 1)
            try self.validate(self.groupName, name: "groupName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.policyName, name: "policyName", parent: name, max: 128)
            try self.validate(self.policyName, name: "policyName", parent: name, min: 1)
            try self.validate(self.policyName, name: "policyName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
            case policyName = "PolicyName"
        }
    }

    public struct DeleteGroupRequest: AWSEncodableShape {
        /// The name of the IAM group to delete. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let groupName: String

        @inlinable
        public init(groupName: String) {
            self.groupName = groupName
        }

        public func validate(name: String) throws {
            try self.validate(self.groupName, name: "groupName", parent: name, max: 128)
            try self.validate(self.groupName, name: "groupName", parent: name, min: 1)
            try self.validate(self.groupName, name: "groupName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
        }
    }

    public struct DeleteInstanceProfileRequest: AWSEncodableShape {
        /// The name of the instance profile to delete. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let instanceProfileName: String

        @inlinable
        public init(instanceProfileName: String) {
            self.instanceProfileName = instanceProfileName
        }

        public func validate(name: String) throws {
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, max: 128)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, min: 1)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case instanceProfileName = "InstanceProfileName"
        }
    }

    public struct DeleteLoginProfileRequest: AWSEncodableShape {
        /// The name of the user whose password you want to delete. This parameter is optional. If no user name is included, it defaults to the principal making the request. When you make this request with root user credentials, you must use an AssumeRoot session to omit the user name. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(userName: String? = nil) {
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case userName = "UserName"
        }
    }

    public struct DeleteOpenIDConnectProviderRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource object to delete. You can get a list of OpenID Connect provider resource ARNs by using the ListOpenIDConnectProviders operation.
        public let openIDConnectProviderArn: String

        @inlinable
        public init(openIDConnectProviderArn: String) {
            self.openIDConnectProviderArn = openIDConnectProviderArn
        }

        public func validate(name: String) throws {
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, max: 2048)
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case openIDConnectProviderArn = "OpenIDConnectProviderArn"
        }
    }

    public struct DeletePolicyRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the IAM policy you want to delete. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String

        @inlinable
        public init(policyArn: String) {
            self.policyArn = policyArn
        }

        public func validate(name: String) throws {
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case policyArn = "PolicyArn"
        }
    }

    public struct DeletePolicyVersionRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the IAM policy from which you want to delete a version. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String
        /// The policy version to delete. This parameter allows (through its regex pattern) a string of characters that  consists of the lowercase letter 'v' followed by one or two digits, and optionally  followed by a period '.' and a string of letters and digits. For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.
        public let versionId: String

        @inlinable
        public init(policyArn: String, versionId: String) {
            self.policyArn = policyArn
            self.versionId = versionId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
            try self.validate(self.versionId, name: "versionId", parent: name, pattern: "^v[1-9][0-9]*(\\.[A-Za-z0-9-]*)?$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyArn = "PolicyArn"
            case versionId = "VersionId"
        }
    }

    public struct DeleteRolePermissionsBoundaryRequest: AWSEncodableShape {
        /// The name (friendly name, not ARN) of the IAM role from which you want to remove the permissions boundary.
        public let roleName: String

        @inlinable
        public init(roleName: String) {
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case roleName = "RoleName"
        }
    }

    public struct DeleteRolePolicyRequest: AWSEncodableShape {
        /// The name of the inline policy to delete from the specified IAM role. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let policyName: String
        /// The name (friendly name, not ARN) identifying the role that the policy is embedded in. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(policyName: String, roleName: String) {
            self.policyName = policyName
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.policyName, name: "policyName", parent: name, max: 128)
            try self.validate(self.policyName, name: "policyName", parent: name, min: 1)
            try self.validate(self.policyName, name: "policyName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyName = "PolicyName"
            case roleName = "RoleName"
        }
    }

    public struct DeleteRoleRequest: AWSEncodableShape {
        /// The name of the role to delete. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(roleName: String) {
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case roleName = "RoleName"
        }
    }

    public struct DeleteSAMLProviderRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the SAML provider to delete.
        public let samlProviderArn: String

        @inlinable
        public init(samlProviderArn: String) {
            self.samlProviderArn = samlProviderArn
        }

        public func validate(name: String) throws {
            try self.validate(self.samlProviderArn, name: "samlProviderArn", parent: name, max: 2048)
            try self.validate(self.samlProviderArn, name: "samlProviderArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case samlProviderArn = "SAMLProviderArn"
        }
    }

    public struct DeleteSSHPublicKeyRequest: AWSEncodableShape {
        /// The unique identifier for the SSH public key. This parameter allows (through its regex pattern) a string of characters that can  consist of any upper or lowercased letter or digit.
        public let sshPublicKeyId: String
        /// The name of the IAM user associated with the SSH public key. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(sshPublicKeyId: String, userName: String) {
            self.sshPublicKeyId = sshPublicKeyId
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.sshPublicKeyId, name: "sshPublicKeyId", parent: name, max: 128)
            try self.validate(self.sshPublicKeyId, name: "sshPublicKeyId", parent: name, min: 20)
            try self.validate(self.sshPublicKeyId, name: "sshPublicKeyId", parent: name, pattern: "^[\\w]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case sshPublicKeyId = "SSHPublicKeyId"
            case userName = "UserName"
        }
    }

    public struct DeleteServerCertificateRequest: AWSEncodableShape {
        /// The name of the server certificate you want to delete. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let serverCertificateName: String

        @inlinable
        public init(serverCertificateName: String) {
            self.serverCertificateName = serverCertificateName
        }

        public func validate(name: String) throws {
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, max: 128)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, min: 1)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case serverCertificateName = "ServerCertificateName"
        }
    }

    public struct DeleteServiceLinkedRoleRequest: AWSEncodableShape {
        /// The name of the service-linked role to be deleted.
        public let roleName: String

        @inlinable
        public init(roleName: String) {
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case roleName = "RoleName"
        }
    }

    public struct DeleteServiceLinkedRoleResponse: AWSDecodableShape {
        /// The deletion task identifier that you can use to check the status of the deletion. This identifier is returned in the format task/aws-service-role///.
        public let deletionTaskId: String

        @inlinable
        public init(deletionTaskId: String) {
            self.deletionTaskId = deletionTaskId
        }

        private enum CodingKeys: String, CodingKey {
            case deletionTaskId = "DeletionTaskId"
        }
    }

    public struct DeleteServiceSpecificCredentialRequest: AWSEncodableShape {
        /// The unique identifier of the service-specific credential. You can get this value by calling ListServiceSpecificCredentials. This parameter allows (through its regex pattern) a string of characters that can  consist of any upper or lowercased letter or digit.
        public let serviceSpecificCredentialId: String
        /// The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(serviceSpecificCredentialId: String, userName: String? = nil) {
            self.serviceSpecificCredentialId = serviceSpecificCredentialId
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.serviceSpecificCredentialId, name: "serviceSpecificCredentialId", parent: name, max: 128)
            try self.validate(self.serviceSpecificCredentialId, name: "serviceSpecificCredentialId", parent: name, min: 20)
            try self.validate(self.serviceSpecificCredentialId, name: "serviceSpecificCredentialId", parent: name, pattern: "^[\\w]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case serviceSpecificCredentialId = "ServiceSpecificCredentialId"
            case userName = "UserName"
        }
    }

    public struct DeleteSigningCertificateRequest: AWSEncodableShape {
        /// The ID of the signing certificate to delete. The format of this parameter, as described by its regex pattern, is a string of characters that can be upper- or lower-cased letters or digits.
        public let certificateId: String
        /// The name of the user the signing certificate belongs to. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(certificateId: String, userName: String? = nil) {
            self.certificateId = certificateId
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateId, name: "certificateId", parent: name, max: 128)
            try self.validate(self.certificateId, name: "certificateId", parent: name, min: 24)
            try self.validate(self.certificateId, name: "certificateId", parent: name, pattern: "^[\\w]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateId = "CertificateId"
            case userName = "UserName"
        }
    }

    public struct DeleteUserPermissionsBoundaryRequest: AWSEncodableShape {
        /// The name (friendly name, not ARN) of the IAM user from which you want to remove the permissions boundary.
        public let userName: String

        @inlinable
        public init(userName: String) {
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case userName = "UserName"
        }
    }

    public struct DeleteUserPolicyRequest: AWSEncodableShape {
        /// The name identifying the policy document to delete. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let policyName: String
        /// The name (friendly name, not ARN) identifying the user that the policy is embedded in. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(policyName: String, userName: String) {
            self.policyName = policyName
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.policyName, name: "policyName", parent: name, max: 128)
            try self.validate(self.policyName, name: "policyName", parent: name, min: 1)
            try self.validate(self.policyName, name: "policyName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyName = "PolicyName"
            case userName = "UserName"
        }
    }

    public struct DeleteUserRequest: AWSEncodableShape {
        /// The name of the user to delete. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(userName: String) {
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case userName = "UserName"
        }
    }

    public struct DeleteVirtualMFADeviceRequest: AWSEncodableShape {
        /// The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN. This parameter allows (through its regex pattern) a string of characters consisting  of upper and lowercase alphanumeric characters with no spaces. You can also include any of the  following characters: =,.@:/-
        public let serialNumber: String

        @inlinable
        public init(serialNumber: String) {
            self.serialNumber = serialNumber
        }

        public func validate(name: String) throws {
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, max: 256)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, min: 9)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, pattern: "^[\\w+=/:,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case serialNumber = "SerialNumber"
        }
    }

    public struct DeletionTaskFailureReasonType: AWSDecodableShape {
        /// A short description of the reason that the service-linked role deletion failed.
        public let reason: String?
        /// A list of objects that contains details about the service-linked role deletion failure, if that information is returned by the service. If the service-linked role has active sessions or if any resources that were used by the role have not been deleted from the linked service, the role can't be deleted. This parameter includes a list of the resources that are associated with the role and the Region in which the resources are being used.
        @OptionalCustomCoding<StandardArrayCoder<RoleUsageType>>
        public var roleUsageList: [RoleUsageType]?

        @inlinable
        public init(reason: String? = nil, roleUsageList: [RoleUsageType]? = nil) {
            self.reason = reason
            self.roleUsageList = roleUsageList
        }

        private enum CodingKeys: String, CodingKey {
            case reason = "Reason"
            case roleUsageList = "RoleUsageList"
        }
    }

    public struct DetachGroupPolicyRequest: AWSEncodableShape {
        /// The name (friendly name, not ARN) of the IAM group to detach the policy from. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let groupName: String
        /// The Amazon Resource Name (ARN) of the IAM policy you want to detach. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String

        @inlinable
        public init(groupName: String, policyArn: String) {
            self.groupName = groupName
            self.policyArn = policyArn
        }

        public func validate(name: String) throws {
            try self.validate(self.groupName, name: "groupName", parent: name, max: 128)
            try self.validate(self.groupName, name: "groupName", parent: name, min: 1)
            try self.validate(self.groupName, name: "groupName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
            case policyArn = "PolicyArn"
        }
    }

    public struct DetachRolePolicyRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the IAM policy you want to detach. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String
        /// The name (friendly name, not ARN) of the IAM role to detach the policy from. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(policyArn: String, roleName: String) {
            self.policyArn = policyArn
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyArn = "PolicyArn"
            case roleName = "RoleName"
        }
    }

    public struct DetachUserPolicyRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the IAM policy you want to detach. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String
        /// The name (friendly name, not ARN) of the IAM user to detach the policy from. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(policyArn: String, userName: String) {
            self.policyArn = policyArn
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyArn = "PolicyArn"
            case userName = "UserName"
        }
    }

    public struct DisableOrganizationsRootCredentialsManagementRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DisableOrganizationsRootCredentialsManagementResponse: AWSDecodableShape {
        /// The features enabled for centralized root access for member accounts in your organization.
        @OptionalCustomCoding<StandardArrayCoder<FeatureType>>
        public var enabledFeatures: [FeatureType]?
        /// The unique identifier (ID) of an organization.
        public let organizationId: String?

        @inlinable
        public init(enabledFeatures: [FeatureType]? = nil, organizationId: String? = nil) {
            self.enabledFeatures = enabledFeatures
            self.organizationId = organizationId
        }

        private enum CodingKeys: String, CodingKey {
            case enabledFeatures = "EnabledFeatures"
            case organizationId = "OrganizationId"
        }
    }

    public struct DisableOrganizationsRootSessionsRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DisableOrganizationsRootSessionsResponse: AWSDecodableShape {
        /// The features you have enabled for centralized root access of member accounts in your organization.
        @OptionalCustomCoding<StandardArrayCoder<FeatureType>>
        public var enabledFeatures: [FeatureType]?
        /// The unique identifier (ID) of an organization.
        public let organizationId: String?

        @inlinable
        public init(enabledFeatures: [FeatureType]? = nil, organizationId: String? = nil) {
            self.enabledFeatures = enabledFeatures
            self.organizationId = organizationId
        }

        private enum CodingKeys: String, CodingKey {
            case enabledFeatures = "EnabledFeatures"
            case organizationId = "OrganizationId"
        }
    }

    public struct EnableMFADeviceRequest: AWSEncodableShape {
        /// An authentication code emitted by the device.  The format for this parameter is a string of six digits.  Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can resync the device.
        public let authenticationCode1: String
        /// A subsequent authentication code emitted by the device. The format for this parameter is a string of six digits.  Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can resync the device.
        public let authenticationCode2: String
        /// The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. This parameter allows (through its regex pattern) a string of characters consisting  of upper and lowercase alphanumeric characters with no spaces. You can also include any of the  following characters: =,.@:/-
        public let serialNumber: String
        /// The name of the IAM user for whom you want to enable the MFA device. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(authenticationCode1: String, authenticationCode2: String, serialNumber: String, userName: String) {
            self.authenticationCode1 = authenticationCode1
            self.authenticationCode2 = authenticationCode2
            self.serialNumber = serialNumber
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.authenticationCode1, name: "authenticationCode1", parent: name, max: 6)
            try self.validate(self.authenticationCode1, name: "authenticationCode1", parent: name, min: 6)
            try self.validate(self.authenticationCode1, name: "authenticationCode1", parent: name, pattern: "^[\\d]+$")
            try self.validate(self.authenticationCode2, name: "authenticationCode2", parent: name, max: 6)
            try self.validate(self.authenticationCode2, name: "authenticationCode2", parent: name, min: 6)
            try self.validate(self.authenticationCode2, name: "authenticationCode2", parent: name, pattern: "^[\\d]+$")
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, max: 256)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, min: 9)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, pattern: "^[\\w+=/:,.@-]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case authenticationCode1 = "AuthenticationCode1"
            case authenticationCode2 = "AuthenticationCode2"
            case serialNumber = "SerialNumber"
            case userName = "UserName"
        }
    }

    public struct EnableOrganizationsRootCredentialsManagementRequest: AWSEncodableShape {
        public init() {}
    }

    public struct EnableOrganizationsRootCredentialsManagementResponse: AWSDecodableShape {
        /// The features you have enabled for centralized root access.
        @OptionalCustomCoding<StandardArrayCoder<FeatureType>>
        public var enabledFeatures: [FeatureType]?
        /// The unique identifier (ID) of an organization.
        public let organizationId: String?

        @inlinable
        public init(enabledFeatures: [FeatureType]? = nil, organizationId: String? = nil) {
            self.enabledFeatures = enabledFeatures
            self.organizationId = organizationId
        }

        private enum CodingKeys: String, CodingKey {
            case enabledFeatures = "EnabledFeatures"
            case organizationId = "OrganizationId"
        }
    }

    public struct EnableOrganizationsRootSessionsRequest: AWSEncodableShape {
        public init() {}
    }

    public struct EnableOrganizationsRootSessionsResponse: AWSDecodableShape {
        /// The features you have enabled for centralized root access.
        @OptionalCustomCoding<StandardArrayCoder<FeatureType>>
        public var enabledFeatures: [FeatureType]?
        /// The unique identifier (ID) of an organization.
        public let organizationId: String?

        @inlinable
        public init(enabledFeatures: [FeatureType]? = nil, organizationId: String? = nil) {
            self.enabledFeatures = enabledFeatures
            self.organizationId = organizationId
        }

        private enum CodingKeys: String, CodingKey {
            case enabledFeatures = "EnabledFeatures"
            case organizationId = "OrganizationId"
        }
    }

    public struct EntityDetails: AWSDecodableShape {
        /// The EntityInfo object that contains details about the entity (user or role).
        public let entityInfo: EntityInfo
        /// The date and time, in ISO 8601 date-time format, when the authenticated entity last attempted to access Amazon Web Services. Amazon Web Services does not report unauthenticated requests. This field is null if no IAM entities attempted to access the service within the tracking period.
        public let lastAuthenticated: Date?

        @inlinable
        public init(entityInfo: EntityInfo, lastAuthenticated: Date? = nil) {
            self.entityInfo = entityInfo
            self.lastAuthenticated = lastAuthenticated
        }

        private enum CodingKeys: String, CodingKey {
            case entityInfo = "EntityInfo"
            case lastAuthenticated = "LastAuthenticated"
        }
    }

    public struct EntityInfo: AWSDecodableShape {
        public let arn: String
        /// The identifier of the entity (user or role).
        public let id: String
        /// The name of the entity (user or role).
        public let name: String
        /// The path to the entity (user or role). For more information about paths, see IAM identifiers in the IAM User Guide.
        public let path: String?
        /// The type of entity (user or role).
        public let type: PolicyOwnerEntityType

        @inlinable
        public init(arn: String, id: String, name: String, path: String? = nil, type: PolicyOwnerEntityType) {
            self.arn = arn
            self.id = id
            self.name = name
            self.path = path
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case id = "Id"
            case name = "Name"
            case path = "Path"
            case type = "Type"
        }
    }

    public struct ErrorDetails: AWSDecodableShape {
        /// The error code associated with the operation failure.
        public let code: String
        /// Detailed information about the reason that the operation failed.
        public let message: String

        @inlinable
        public init(code: String, message: String) {
            self.code = code
            self.message = message
        }

        private enum CodingKeys: String, CodingKey {
            case code = "Code"
            case message = "Message"
        }
    }

    public struct EvaluationResult: AWSDecodableShape {
        /// The name of the API operation tested on the indicated resource.
        public let evalActionName: String
        /// The result of the simulation.
        public let evalDecision: PolicyEvaluationDecisionType
        /// Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision. If the simulation evaluates policies within the same account and includes a resource ARN, then the parameter is present but the response is empty. If the simulation evaluates policies within the same account and specifies all resources (*), then the parameter is not returned. When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account and the trusted account. The request is allowed only if both evaluations return true. For more information about how policies are evaluated, see Evaluating policies within a single account. If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
        @OptionalCustomCoding<StandardDictionaryCoder<String, PolicyEvaluationDecisionType>>
        public var evalDecisionDetails: [String: PolicyEvaluationDecisionType]?
        /// The ARN of the resource that the indicated API operation was tested on.
        public let evalResourceName: String?
        /// A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.
        @OptionalCustomCoding<StandardArrayCoder<Statement>>
        public var matchedStatements: [Statement]?
        /// A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the ResourceArns parameter blank. If you include a list of resources, then any missing context values are instead included under the ResourceSpecificResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var missingContextValues: [String]?
        /// A structure that details how Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user's account is part of an organization.
        public let organizationsDecisionDetail: OrganizationsDecisionDetail?
        /// Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.
        public let permissionsBoundaryDecisionDetail: PermissionsBoundaryDecisionDetail?
        /// The individual results of the simulation of the API operation specified in EvalActionName on each resource.
        @OptionalCustomCoding<StandardArrayCoder<ResourceSpecificResult>>
        public var resourceSpecificResults: [ResourceSpecificResult]?

        @inlinable
        public init(evalActionName: String, evalDecision: PolicyEvaluationDecisionType, evalDecisionDetails: [String: PolicyEvaluationDecisionType]? = nil, evalResourceName: String? = nil, matchedStatements: [Statement]? = nil, missingContextValues: [String]? = nil, organizationsDecisionDetail: OrganizationsDecisionDetail? = nil, permissionsBoundaryDecisionDetail: PermissionsBoundaryDecisionDetail? = nil, resourceSpecificResults: [ResourceSpecificResult]? = nil) {
            self.evalActionName = evalActionName
            self.evalDecision = evalDecision
            self.evalDecisionDetails = evalDecisionDetails
            self.evalResourceName = evalResourceName
            self.matchedStatements = matchedStatements
            self.missingContextValues = missingContextValues
            self.organizationsDecisionDetail = organizationsDecisionDetail
            self.permissionsBoundaryDecisionDetail = permissionsBoundaryDecisionDetail
            self.resourceSpecificResults = resourceSpecificResults
        }

        private enum CodingKeys: String, CodingKey {
            case evalActionName = "EvalActionName"
            case evalDecision = "EvalDecision"
            case evalDecisionDetails = "EvalDecisionDetails"
            case evalResourceName = "EvalResourceName"
            case matchedStatements = "MatchedStatements"
            case missingContextValues = "MissingContextValues"
            case organizationsDecisionDetail = "OrganizationsDecisionDetail"
            case permissionsBoundaryDecisionDetail = "PermissionsBoundaryDecisionDetail"
            case resourceSpecificResults = "ResourceSpecificResults"
        }
    }

    public struct GenerateCredentialReportResponse: AWSDecodableShape {
        /// Information about the credential report.
        public let description: String?
        /// Information about the state of the credential report.
        public let state: ReportStateType?

        @inlinable
        public init(description: String? = nil, state: ReportStateType? = nil) {
            self.description = description
            self.state = state
        }

        private enum CodingKeys: String, CodingKey {
            case description = "Description"
            case state = "State"
        }
    }

    public struct GenerateOrganizationsAccessReportRequest: AWSEncodableShape {
        /// The path of the Organizations entity (root, OU, or account). You can build an entity path using the known structure of your organization. For example, assume that your account ID is 123456789012 and its parent OU ID is ou-rge0-awsabcde. The organization root ID is r-f6g7h8i9j0example and your organization ID is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012.
        public let entityPath: String
        /// The identifier of the Organizations service control policy (SCP). This parameter is optional. This ID is used to generate information about when an account principal that is limited by the SCP attempted to access an Amazon Web Services service.
        public let organizationsPolicyId: String?

        @inlinable
        public init(entityPath: String, organizationsPolicyId: String? = nil) {
            self.entityPath = entityPath
            self.organizationsPolicyId = organizationsPolicyId
        }

        public func validate(name: String) throws {
            try self.validate(self.entityPath, name: "entityPath", parent: name, max: 427)
            try self.validate(self.entityPath, name: "entityPath", parent: name, min: 19)
            try self.validate(self.entityPath, name: "entityPath", parent: name, pattern: "^o-[0-9a-z]{10,32}\\/r-[0-9a-z]{4,32}[0-9a-z-\\/]*$")
            try self.validate(self.organizationsPolicyId, name: "organizationsPolicyId", parent: name, pattern: "^p-[0-9a-zA-Z_]{8,128}$")
        }

        private enum CodingKeys: String, CodingKey {
            case entityPath = "EntityPath"
            case organizationsPolicyId = "OrganizationsPolicyId"
        }
    }

    public struct GenerateOrganizationsAccessReportResponse: AWSDecodableShape {
        /// The job identifier that you can use in the GetOrganizationsAccessReport operation.
        public let jobId: String?

        @inlinable
        public init(jobId: String? = nil) {
            self.jobId = jobId
        }

        private enum CodingKeys: String, CodingKey {
            case jobId = "JobId"
        }
    }

    public struct GenerateServiceLastAccessedDetailsRequest: AWSEncodableShape {
        /// The ARN of the IAM resource (user, group, role, or managed policy) used to generate information about when the resource was last used in an attempt to access an Amazon Web Services service.
        public let arn: String
        /// The level of detail that you want to generate. You can specify whether you want to generate information about the last attempt to access services or actions. If you specify service-level granularity, this operation generates only service data. If you specify action-level granularity, it generates service and action data. If you don't include this optional parameter, the operation generates service data.
        public let granularity: AccessAdvisorUsageGranularityType?

        @inlinable
        public init(arn: String, granularity: AccessAdvisorUsageGranularityType? = nil) {
            self.arn = arn
            self.granularity = granularity
        }

        public func validate(name: String) throws {
            try self.validate(self.arn, name: "arn", parent: name, max: 2048)
            try self.validate(self.arn, name: "arn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case granularity = "Granularity"
        }
    }

    public struct GenerateServiceLastAccessedDetailsResponse: AWSDecodableShape {
        /// The JobId that you can use in the GetServiceLastAccessedDetails or GetServiceLastAccessedDetailsWithEntities operations. The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.
        public let jobId: String?

        @inlinable
        public init(jobId: String? = nil) {
            self.jobId = jobId
        }

        private enum CodingKeys: String, CodingKey {
            case jobId = "JobId"
        }
    }

    public struct GetAccessKeyLastUsedRequest: AWSEncodableShape {
        /// The identifier of an access key. This parameter allows (through its regex pattern) a string of characters that can  consist of any upper or lowercased letter or digit.
        public let accessKeyId: String

        @inlinable
        public init(accessKeyId: String) {
            self.accessKeyId = accessKeyId
        }

        public func validate(name: String) throws {
            try self.validate(self.accessKeyId, name: "accessKeyId", parent: name, max: 128)
            try self.validate(self.accessKeyId, name: "accessKeyId", parent: name, min: 16)
            try self.validate(self.accessKeyId, name: "accessKeyId", parent: name, pattern: "^[\\w]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case accessKeyId = "AccessKeyId"
        }
    }

    public struct GetAccessKeyLastUsedResponse: AWSDecodableShape {
        /// Contains information about the last time the access key was used.
        public let accessKeyLastUsed: AccessKeyLastUsed?
        /// The name of the IAM user that owns this access key.
        public let userName: String?

        @inlinable
        public init(accessKeyLastUsed: AccessKeyLastUsed? = nil, userName: String? = nil) {
            self.accessKeyLastUsed = accessKeyLastUsed
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case accessKeyLastUsed = "AccessKeyLastUsed"
            case userName = "UserName"
        }
    }

    public struct GetAccountAuthorizationDetailsRequest: AWSEncodableShape {
        /// A list of entity types used to filter the results. Only the entities that match the types you specify are included in the output. Use the value LocalManagedPolicy to include customer managed policies. The format for this parameter is a comma-separated (if more than one) list of strings. Each string value in the list must be one of the valid values listed below.
        @OptionalCustomCoding<StandardArrayCoder<EntityType>>
        public var filter: [EntityType]?
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?

        @inlinable
        public init(filter: [EntityType]? = nil, marker: String? = nil, maxItems: Int? = nil) {
            self.filter = filter
            self.marker = marker
            self.maxItems = maxItems
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case filter = "Filter"
            case marker = "Marker"
            case maxItems = "MaxItems"
        }
    }

    public struct GetAccountAuthorizationDetailsResponse: AWSDecodableShape {
        /// A list containing information about IAM groups.
        @OptionalCustomCoding<StandardArrayCoder<GroupDetail>>
        public var groupDetailList: [GroupDetail]?
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A list containing information about managed policies.
        @OptionalCustomCoding<StandardArrayCoder<ManagedPolicyDetail>>
        public var policies: [ManagedPolicyDetail]?
        /// A list containing information about IAM roles.
        @OptionalCustomCoding<StandardArrayCoder<RoleDetail>>
        public var roleDetailList: [RoleDetail]?
        /// A list containing information about IAM users.
        @OptionalCustomCoding<StandardArrayCoder<UserDetail>>
        public var userDetailList: [UserDetail]?

        @inlinable
        public init(groupDetailList: [GroupDetail]? = nil, isTruncated: Bool? = nil, marker: String? = nil, policies: [ManagedPolicyDetail]? = nil, roleDetailList: [RoleDetail]? = nil, userDetailList: [UserDetail]? = nil) {
            self.groupDetailList = groupDetailList
            self.isTruncated = isTruncated
            self.marker = marker
            self.policies = policies
            self.roleDetailList = roleDetailList
            self.userDetailList = userDetailList
        }

        private enum CodingKeys: String, CodingKey {
            case groupDetailList = "GroupDetailList"
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case policies = "Policies"
            case roleDetailList = "RoleDetailList"
            case userDetailList = "UserDetailList"
        }
    }

    public struct GetAccountPasswordPolicyResponse: AWSDecodableShape {
        /// A structure that contains details about the account's password policy.
        public let passwordPolicy: PasswordPolicy

        @inlinable
        public init(passwordPolicy: PasswordPolicy) {
            self.passwordPolicy = passwordPolicy
        }

        private enum CodingKeys: String, CodingKey {
            case passwordPolicy = "PasswordPolicy"
        }
    }

    public struct GetAccountSummaryResponse: AWSDecodableShape {
        /// A set of key–value pairs containing information about IAM entity usage and IAM quotas.
        @OptionalCustomCoding<StandardDictionaryCoder<SummaryKeyType, Int>>
        public var summaryMap: [SummaryKeyType: Int]?

        @inlinable
        public init(summaryMap: [SummaryKeyType: Int]? = nil) {
            self.summaryMap = summaryMap
        }

        private enum CodingKeys: String, CodingKey {
            case summaryMap = "SummaryMap"
        }
    }

    public struct GetContextKeysForCustomPolicyRequest: AWSEncodableShape {
        /// A list of policies for which you want the list of context keys referenced in those policies. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        @CustomCoding<StandardArrayCoder<String>>
        public var policyInputList: [String]

        @inlinable
        public init(policyInputList: [String]) {
            self.policyInputList = policyInputList
        }

        public func validate(name: String) throws {
            try self.policyInputList.forEach {
                try validate($0, name: "policyInputList[]", parent: name, max: 131072)
                try validate($0, name: "policyInputList[]", parent: name, min: 1)
                try validate($0, name: "policyInputList[]", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case policyInputList = "PolicyInputList"
        }
    }

    public struct GetContextKeysForPolicyResponse: AWSDecodableShape {
        /// The list of context keys that are referenced in the input policies.
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var contextKeyNames: [String]?

        @inlinable
        public init(contextKeyNames: [String]? = nil) {
            self.contextKeyNames = contextKeyNames
        }

        private enum CodingKeys: String, CodingKey {
            case contextKeyNames = "ContextKeyNames"
        }
    }

    public struct GetContextKeysForPrincipalPolicyRequest: AWSEncodableShape {
        /// An optional list of additional policies for which you want the list of context keys that are referenced. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var policyInputList: [String]?
        /// The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies that are attached to the user. The list also includes all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policySourceArn: String

        @inlinable
        public init(policyInputList: [String]? = nil, policySourceArn: String) {
            self.policyInputList = policyInputList
            self.policySourceArn = policySourceArn
        }

        public func validate(name: String) throws {
            try self.policyInputList?.forEach {
                try validate($0, name: "policyInputList[]", parent: name, max: 131072)
                try validate($0, name: "policyInputList[]", parent: name, min: 1)
                try validate($0, name: "policyInputList[]", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            }
            try self.validate(self.policySourceArn, name: "policySourceArn", parent: name, max: 2048)
            try self.validate(self.policySourceArn, name: "policySourceArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case policyInputList = "PolicyInputList"
            case policySourceArn = "PolicySourceArn"
        }
    }

    public struct GetCredentialReportResponse: AWSDecodableShape {
        /// Contains the credential report. The report is Base64-encoded.
        public let content: AWSBase64Data?
        ///  The date and time when the credential report was created, in ISO 8601 date-time format.
        public let generatedTime: Date?
        /// The format (MIME type) of the credential report.
        public let reportFormat: ReportFormatType?

        @inlinable
        public init(content: AWSBase64Data? = nil, generatedTime: Date? = nil, reportFormat: ReportFormatType? = nil) {
            self.content = content
            self.generatedTime = generatedTime
            self.reportFormat = reportFormat
        }

        private enum CodingKeys: String, CodingKey {
            case content = "Content"
            case generatedTime = "GeneratedTime"
            case reportFormat = "ReportFormat"
        }
    }

    public struct GetGroupPolicyRequest: AWSEncodableShape {
        /// The name of the group the policy is associated with. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let groupName: String
        /// The name of the policy document to get. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let policyName: String

        @inlinable
        public init(groupName: String, policyName: String) {
            self.groupName = groupName
            self.policyName = policyName
        }

        public func validate(name: String) throws {
            try self.validate(self.groupName, name: "groupName", parent: name, max: 128)
            try self.validate(self.groupName, name: "groupName", parent: name, min: 1)
            try self.validate(self.groupName, name: "groupName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.policyName, name: "policyName", parent: name, max: 128)
            try self.validate(self.policyName, name: "policyName", parent: name, min: 1)
            try self.validate(self.policyName, name: "policyName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
            case policyName = "PolicyName"
        }
    }

    public struct GetGroupPolicyResponse: AWSDecodableShape {
        /// The group the policy is associated with.
        public let groupName: String
        /// The policy document. IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
        public let policyDocument: String
        /// The name of the policy.
        public let policyName: String

        @inlinable
        public init(groupName: String, policyDocument: String, policyName: String) {
            self.groupName = groupName
            self.policyDocument = policyDocument
            self.policyName = policyName
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
            case policyDocument = "PolicyDocument"
            case policyName = "PolicyName"
        }
    }

    public struct GetGroupRequest: AWSEncodableShape {
        /// The name of the group. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let groupName: String
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?

        @inlinable
        public init(groupName: String, marker: String? = nil, maxItems: Int? = nil) {
            self.groupName = groupName
            self.marker = marker
            self.maxItems = maxItems
        }

        public func validate(name: String) throws {
            try self.validate(self.groupName, name: "groupName", parent: name, max: 128)
            try self.validate(self.groupName, name: "groupName", parent: name, min: 1)
            try self.validate(self.groupName, name: "groupName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
            case marker = "Marker"
            case maxItems = "MaxItems"
        }
    }

    public struct GetGroupResponse: AWSDecodableShape {
        /// A structure that contains details about the group.
        public let group: Group
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A list of users in the group.
        @CustomCoding<StandardArrayCoder<User>>
        public var users: [User]

        @inlinable
        public init(group: Group, isTruncated: Bool? = nil, marker: String? = nil, users: [User]) {
            self.group = group
            self.isTruncated = isTruncated
            self.marker = marker
            self.users = users
        }

        private enum CodingKeys: String, CodingKey {
            case group = "Group"
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case users = "Users"
        }
    }

    public struct GetInstanceProfileRequest: AWSEncodableShape {
        /// The name of the instance profile to get information about. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let instanceProfileName: String

        @inlinable
        public init(instanceProfileName: String) {
            self.instanceProfileName = instanceProfileName
        }

        public func validate(name: String) throws {
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, max: 128)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, min: 1)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case instanceProfileName = "InstanceProfileName"
        }
    }

    public struct GetInstanceProfileResponse: AWSDecodableShape {
        /// A structure containing details about the instance profile.
        public let instanceProfile: InstanceProfile

        @inlinable
        public init(instanceProfile: InstanceProfile) {
            self.instanceProfile = instanceProfile
        }

        private enum CodingKeys: String, CodingKey {
            case instanceProfile = "InstanceProfile"
        }
    }

    public struct GetLoginProfileRequest: AWSEncodableShape {
        /// The name of the user whose login profile you want to retrieve. This parameter is optional. If no user name is included, it defaults to the principal making the request. When you make this request with root user credentials, you must use an AssumeRoot session to omit the user name. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(userName: String? = nil) {
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case userName = "UserName"
        }
    }

    public struct GetLoginProfileResponse: AWSDecodableShape {
        /// A structure containing the user name and the profile creation date for the user.
        public let loginProfile: LoginProfile

        @inlinable
        public init(loginProfile: LoginProfile) {
            self.loginProfile = loginProfile
        }

        private enum CodingKeys: String, CodingKey {
            case loginProfile = "LoginProfile"
        }
    }

    public struct GetMFADeviceRequest: AWSEncodableShape {
        /// Serial number that uniquely identifies the MFA device. For this API, we only accept FIDO security key ARNs.
        public let serialNumber: String
        /// The friendly name identifying the user.
        public let userName: String?

        @inlinable
        public init(serialNumber: String, userName: String? = nil) {
            self.serialNumber = serialNumber
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, max: 256)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, min: 9)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, pattern: "^[\\w+=/:,.@-]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case serialNumber = "SerialNumber"
            case userName = "UserName"
        }
    }

    public struct GetMFADeviceResponse: AWSDecodableShape {
        /// The certifications of a specified user's MFA device. We currently provide FIPS-140-2, FIPS-140-3, and FIDO certification levels obtained from  FIDO Alliance Metadata Service (MDS).
        @OptionalCustomCoding<StandardDictionaryCoder<String, String>>
        public var certifications: [String: String]?
        /// The date that a specified user's MFA device was first enabled.
        public let enableDate: Date?
        /// Serial number that uniquely identifies the MFA device. For this API, we only accept FIDO security key ARNs.
        public let serialNumber: String
        /// The friendly name identifying the user.
        public let userName: String?

        @inlinable
        public init(certifications: [String: String]? = nil, enableDate: Date? = nil, serialNumber: String, userName: String? = nil) {
            self.certifications = certifications
            self.enableDate = enableDate
            self.serialNumber = serialNumber
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case certifications = "Certifications"
            case enableDate = "EnableDate"
            case serialNumber = "SerialNumber"
            case userName = "UserName"
        }
    }

    public struct GetOpenIDConnectProviderRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the ListOpenIDConnectProviders operation. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let openIDConnectProviderArn: String

        @inlinable
        public init(openIDConnectProviderArn: String) {
            self.openIDConnectProviderArn = openIDConnectProviderArn
        }

        public func validate(name: String) throws {
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, max: 2048)
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case openIDConnectProviderArn = "OpenIDConnectProviderArn"
        }
    }

    public struct GetOpenIDConnectProviderResponse: AWSDecodableShape {
        /// A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var clientIDList: [String]?
        /// The date and time when the IAM OIDC provider resource object was created in the Amazon Web Services account.
        public let createDate: Date?
        /// A list of tags that are attached to the specified IAM OIDC provider. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?
        /// A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var thumbprintList: [String]?
        /// The URL that the IAM OIDC provider resource object is associated with. For more information, see CreateOpenIDConnectProvider.
        public let url: String?

        @inlinable
        public init(clientIDList: [String]? = nil, createDate: Date? = nil, tags: [Tag]? = nil, thumbprintList: [String]? = nil, url: String? = nil) {
            self.clientIDList = clientIDList
            self.createDate = createDate
            self.tags = tags
            self.thumbprintList = thumbprintList
            self.url = url
        }

        private enum CodingKeys: String, CodingKey {
            case clientIDList = "ClientIDList"
            case createDate = "CreateDate"
            case tags = "Tags"
            case thumbprintList = "ThumbprintList"
            case url = "Url"
        }
    }

    public struct GetOrganizationsAccessReportRequest: AWSEncodableShape {
        /// The identifier of the request generated by the GenerateOrganizationsAccessReport operation.
        public let jobId: String
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The key that is used to sort the results. If you choose the namespace key, the results are returned in alphabetical order. If you choose the time key, the results are sorted numerically by the date and time.
        public let sortKey: SortKeyType?

        @inlinable
        public init(jobId: String, marker: String? = nil, maxItems: Int? = nil, sortKey: SortKeyType? = nil) {
            self.jobId = jobId
            self.marker = marker
            self.maxItems = maxItems
            self.sortKey = sortKey
        }

        public func validate(name: String) throws {
            try self.validate(self.jobId, name: "jobId", parent: name, max: 36)
            try self.validate(self.jobId, name: "jobId", parent: name, min: 36)
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case jobId = "JobId"
            case marker = "Marker"
            case maxItems = "MaxItems"
            case sortKey = "SortKey"
        }
    }

    public struct GetOrganizationsAccessReportResponse: AWSDecodableShape {
        /// An object that contains details about the most recent attempt to access the service.
        @OptionalCustomCoding<StandardArrayCoder<AccessDetail>>
        public var accessDetails: [AccessDetail]?
        public let errorDetails: ErrorDetails?
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed. This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.
        public let jobCompletionDate: Date?
        /// The date and time, in ISO 8601 date-time format, when the report job was created.
        public let jobCreationDate: Date
        /// The status of the job.
        public let jobStatus: JobStatusType
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// The number of services that the applicable SCPs allow account principals to access.
        public let numberOfServicesAccessible: Int?
        /// The number of services that account principals are allowed but did not attempt to access.
        public let numberOfServicesNotAccessed: Int?

        @inlinable
        public init(accessDetails: [AccessDetail]? = nil, errorDetails: ErrorDetails? = nil, isTruncated: Bool? = nil, jobCompletionDate: Date? = nil, jobCreationDate: Date, jobStatus: JobStatusType, marker: String? = nil, numberOfServicesAccessible: Int? = nil, numberOfServicesNotAccessed: Int? = nil) {
            self.accessDetails = accessDetails
            self.errorDetails = errorDetails
            self.isTruncated = isTruncated
            self.jobCompletionDate = jobCompletionDate
            self.jobCreationDate = jobCreationDate
            self.jobStatus = jobStatus
            self.marker = marker
            self.numberOfServicesAccessible = numberOfServicesAccessible
            self.numberOfServicesNotAccessed = numberOfServicesNotAccessed
        }

        private enum CodingKeys: String, CodingKey {
            case accessDetails = "AccessDetails"
            case errorDetails = "ErrorDetails"
            case isTruncated = "IsTruncated"
            case jobCompletionDate = "JobCompletionDate"
            case jobCreationDate = "JobCreationDate"
            case jobStatus = "JobStatus"
            case marker = "Marker"
            case numberOfServicesAccessible = "NumberOfServicesAccessible"
            case numberOfServicesNotAccessed = "NumberOfServicesNotAccessed"
        }
    }

    public struct GetPolicyRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the managed policy that you want information about. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String

        @inlinable
        public init(policyArn: String) {
            self.policyArn = policyArn
        }

        public func validate(name: String) throws {
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case policyArn = "PolicyArn"
        }
    }

    public struct GetPolicyResponse: AWSDecodableShape {
        /// A structure containing details about the policy.
        public let policy: Policy?

        @inlinable
        public init(policy: Policy? = nil) {
            self.policy = policy
        }

        private enum CodingKeys: String, CodingKey {
            case policy = "Policy"
        }
    }

    public struct GetPolicyVersionRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the managed policy that you want information about. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String
        /// Identifies the policy version to retrieve. This parameter allows (through its regex pattern) a string of characters that  consists of the lowercase letter 'v' followed by one or two digits, and optionally  followed by a period '.' and a string of letters and digits.
        public let versionId: String

        @inlinable
        public init(policyArn: String, versionId: String) {
            self.policyArn = policyArn
            self.versionId = versionId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
            try self.validate(self.versionId, name: "versionId", parent: name, pattern: "^v[1-9][0-9]*(\\.[A-Za-z0-9-]*)?$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyArn = "PolicyArn"
            case versionId = "VersionId"
        }
    }

    public struct GetPolicyVersionResponse: AWSDecodableShape {
        /// A structure containing details about the policy version.
        public let policyVersion: PolicyVersion?

        @inlinable
        public init(policyVersion: PolicyVersion? = nil) {
            self.policyVersion = policyVersion
        }

        private enum CodingKeys: String, CodingKey {
            case policyVersion = "PolicyVersion"
        }
    }

    public struct GetRolePolicyRequest: AWSEncodableShape {
        /// The name of the policy document to get. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let policyName: String
        /// The name of the role associated with the policy. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(policyName: String, roleName: String) {
            self.policyName = policyName
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.policyName, name: "policyName", parent: name, max: 128)
            try self.validate(self.policyName, name: "policyName", parent: name, min: 1)
            try self.validate(self.policyName, name: "policyName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyName = "PolicyName"
            case roleName = "RoleName"
        }
    }

    public struct GetRolePolicyResponse: AWSDecodableShape {
        /// The policy document. IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
        public let policyDocument: String
        /// The name of the policy.
        public let policyName: String
        /// The role the policy is associated with.
        public let roleName: String

        @inlinable
        public init(policyDocument: String, policyName: String, roleName: String) {
            self.policyDocument = policyDocument
            self.policyName = policyName
            self.roleName = roleName
        }

        private enum CodingKeys: String, CodingKey {
            case policyDocument = "PolicyDocument"
            case policyName = "PolicyName"
            case roleName = "RoleName"
        }
    }

    public struct GetRoleRequest: AWSEncodableShape {
        /// The name of the IAM role to get information about. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(roleName: String) {
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case roleName = "RoleName"
        }
    }

    public struct GetRoleResponse: AWSDecodableShape {
        /// A structure containing details about the IAM role.
        public let role: Role

        @inlinable
        public init(role: Role) {
            self.role = role
        }

        private enum CodingKeys: String, CodingKey {
            case role = "Role"
        }
    }

    public struct GetSAMLProviderRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the SAML provider resource object in IAM to get information about. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let samlProviderArn: String

        @inlinable
        public init(samlProviderArn: String) {
            self.samlProviderArn = samlProviderArn
        }

        public func validate(name: String) throws {
            try self.validate(self.samlProviderArn, name: "samlProviderArn", parent: name, max: 2048)
            try self.validate(self.samlProviderArn, name: "samlProviderArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case samlProviderArn = "SAMLProviderArn"
        }
    }

    public struct GetSAMLProviderResponse: AWSDecodableShape {
        /// Specifies the encryption setting for the SAML provider.
        public let assertionEncryptionMode: AssertionEncryptionModeType?
        /// The date and time when the SAML provider was created.
        public let createDate: Date?
        /// The private key metadata for the SAML provider.
        @OptionalCustomCoding<StandardArrayCoder<SAMLPrivateKey>>
        public var privateKeyList: [SAMLPrivateKey]?
        /// The XML metadata document that includes information about an identity provider.
        public let samlMetadataDocument: String?
        /// The unique identifier assigned to the SAML provider.
        public let samlProviderUUID: String?
        /// A list of tags that are attached to the specified IAM SAML provider. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?
        /// The expiration date and time for the SAML provider.
        public let validUntil: Date?

        @inlinable
        public init(assertionEncryptionMode: AssertionEncryptionModeType? = nil, createDate: Date? = nil, privateKeyList: [SAMLPrivateKey]? = nil, samlMetadataDocument: String? = nil, samlProviderUUID: String? = nil, tags: [Tag]? = nil, validUntil: Date? = nil) {
            self.assertionEncryptionMode = assertionEncryptionMode
            self.createDate = createDate
            self.privateKeyList = privateKeyList
            self.samlMetadataDocument = samlMetadataDocument
            self.samlProviderUUID = samlProviderUUID
            self.tags = tags
            self.validUntil = validUntil
        }

        private enum CodingKeys: String, CodingKey {
            case assertionEncryptionMode = "AssertionEncryptionMode"
            case createDate = "CreateDate"
            case privateKeyList = "PrivateKeyList"
            case samlMetadataDocument = "SAMLMetadataDocument"
            case samlProviderUUID = "SAMLProviderUUID"
            case tags = "Tags"
            case validUntil = "ValidUntil"
        }
    }

    public struct GetSSHPublicKeyRequest: AWSEncodableShape {
        /// Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
        public let encoding: EncodingType
        /// The unique identifier for the SSH public key. This parameter allows (through its regex pattern) a string of characters that can  consist of any upper or lowercased letter or digit.
        public let sshPublicKeyId: String
        /// The name of the IAM user associated with the SSH public key. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(encoding: EncodingType, sshPublicKeyId: String, userName: String) {
            self.encoding = encoding
            self.sshPublicKeyId = sshPublicKeyId
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.sshPublicKeyId, name: "sshPublicKeyId", parent: name, max: 128)
            try self.validate(self.sshPublicKeyId, name: "sshPublicKeyId", parent: name, min: 20)
            try self.validate(self.sshPublicKeyId, name: "sshPublicKeyId", parent: name, pattern: "^[\\w]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case encoding = "Encoding"
            case sshPublicKeyId = "SSHPublicKeyId"
            case userName = "UserName"
        }
    }

    public struct GetSSHPublicKeyResponse: AWSDecodableShape {
        /// A structure containing details about the SSH public key.
        public let sshPublicKey: SSHPublicKey?

        @inlinable
        public init(sshPublicKey: SSHPublicKey? = nil) {
            self.sshPublicKey = sshPublicKey
        }

        private enum CodingKeys: String, CodingKey {
            case sshPublicKey = "SSHPublicKey"
        }
    }

    public struct GetServerCertificateRequest: AWSEncodableShape {
        /// The name of the server certificate you want to retrieve information about. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let serverCertificateName: String

        @inlinable
        public init(serverCertificateName: String) {
            self.serverCertificateName = serverCertificateName
        }

        public func validate(name: String) throws {
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, max: 128)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, min: 1)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case serverCertificateName = "ServerCertificateName"
        }
    }

    public struct GetServerCertificateResponse: AWSDecodableShape {
        /// A structure containing details about the server certificate.
        public let serverCertificate: ServerCertificate

        @inlinable
        public init(serverCertificate: ServerCertificate) {
            self.serverCertificate = serverCertificate
        }

        private enum CodingKeys: String, CodingKey {
            case serverCertificate = "ServerCertificate"
        }
    }

    public struct GetServiceLastAccessedDetailsRequest: AWSEncodableShape {
        /// The ID of the request generated by the GenerateServiceLastAccessedDetails operation. The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.
        public let jobId: String
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?

        @inlinable
        public init(jobId: String, marker: String? = nil, maxItems: Int? = nil) {
            self.jobId = jobId
            self.marker = marker
            self.maxItems = maxItems
        }

        public func validate(name: String) throws {
            try self.validate(self.jobId, name: "jobId", parent: name, max: 36)
            try self.validate(self.jobId, name: "jobId", parent: name, min: 36)
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case jobId = "JobId"
            case marker = "Marker"
            case maxItems = "MaxItems"
        }
    }

    public struct GetServiceLastAccessedDetailsResponse: AWSDecodableShape {
        /// An object that contains details about the reason the operation failed.
        public let error: ErrorDetails?
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed. This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.
        public let jobCompletionDate: Date
        /// The date and time, in ISO 8601 date-time format, when the report job was created.
        public let jobCreationDate: Date
        /// The status of the job.
        public let jobStatus: JobStatusType
        /// The type of job. Service jobs return information about when each service was last accessed. Action jobs also include information about when tracked actions within the service were last accessed.
        public let jobType: AccessAdvisorUsageGranularityType?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        ///  A ServiceLastAccessed object that contains details about the most recent attempt to access the service.
        @CustomCoding<StandardArrayCoder<ServiceLastAccessed>>
        public var servicesLastAccessed: [ServiceLastAccessed]

        @inlinable
        public init(error: ErrorDetails? = nil, isTruncated: Bool? = nil, jobCompletionDate: Date, jobCreationDate: Date, jobStatus: JobStatusType, jobType: AccessAdvisorUsageGranularityType? = nil, marker: String? = nil, servicesLastAccessed: [ServiceLastAccessed]) {
            self.error = error
            self.isTruncated = isTruncated
            self.jobCompletionDate = jobCompletionDate
            self.jobCreationDate = jobCreationDate
            self.jobStatus = jobStatus
            self.jobType = jobType
            self.marker = marker
            self.servicesLastAccessed = servicesLastAccessed
        }

        private enum CodingKeys: String, CodingKey {
            case error = "Error"
            case isTruncated = "IsTruncated"
            case jobCompletionDate = "JobCompletionDate"
            case jobCreationDate = "JobCreationDate"
            case jobStatus = "JobStatus"
            case jobType = "JobType"
            case marker = "Marker"
            case servicesLastAccessed = "ServicesLastAccessed"
        }
    }

    public struct GetServiceLastAccessedDetailsWithEntitiesRequest: AWSEncodableShape {
        /// The ID of the request generated by the GenerateServiceLastAccessedDetails operation.
        public let jobId: String
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The service namespace for an Amazon Web Services service. Provide the service namespace to learn when the IAM entity last attempted to access the specified service. To learn the service namespace for a service, see Actions, resources, and condition keys for Amazon Web Services services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.
        public let serviceNamespace: String

        @inlinable
        public init(jobId: String, marker: String? = nil, maxItems: Int? = nil, serviceNamespace: String) {
            self.jobId = jobId
            self.marker = marker
            self.maxItems = maxItems
            self.serviceNamespace = serviceNamespace
        }

        public func validate(name: String) throws {
            try self.validate(self.jobId, name: "jobId", parent: name, max: 36)
            try self.validate(self.jobId, name: "jobId", parent: name, min: 36)
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.serviceNamespace, name: "serviceNamespace", parent: name, max: 64)
            try self.validate(self.serviceNamespace, name: "serviceNamespace", parent: name, min: 1)
            try self.validate(self.serviceNamespace, name: "serviceNamespace", parent: name, pattern: "^[\\w-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case jobId = "JobId"
            case marker = "Marker"
            case maxItems = "MaxItems"
            case serviceNamespace = "ServiceNamespace"
        }
    }

    public struct GetServiceLastAccessedDetailsWithEntitiesResponse: AWSDecodableShape {
        /// An EntityDetailsList object that contains details about when an IAM entity (user or role) used group or policy permissions in an attempt to access the specified Amazon Web Services service.
        @CustomCoding<StandardArrayCoder<EntityDetails>>
        public var entityDetailsList: [EntityDetails]
        /// An object that contains details about the reason the operation failed.
        public let error: ErrorDetails?
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed. This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.
        public let jobCompletionDate: Date
        /// The date and time, in ISO 8601 date-time format, when the report job was created.
        public let jobCreationDate: Date
        /// The status of the job.
        public let jobStatus: JobStatusType
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?

        @inlinable
        public init(entityDetailsList: [EntityDetails], error: ErrorDetails? = nil, isTruncated: Bool? = nil, jobCompletionDate: Date, jobCreationDate: Date, jobStatus: JobStatusType, marker: String? = nil) {
            self.entityDetailsList = entityDetailsList
            self.error = error
            self.isTruncated = isTruncated
            self.jobCompletionDate = jobCompletionDate
            self.jobCreationDate = jobCreationDate
            self.jobStatus = jobStatus
            self.marker = marker
        }

        private enum CodingKeys: String, CodingKey {
            case entityDetailsList = "EntityDetailsList"
            case error = "Error"
            case isTruncated = "IsTruncated"
            case jobCompletionDate = "JobCompletionDate"
            case jobCreationDate = "JobCreationDate"
            case jobStatus = "JobStatus"
            case marker = "Marker"
        }
    }

    public struct GetServiceLinkedRoleDeletionStatusRequest: AWSEncodableShape {
        /// The deletion task identifier. This identifier is returned by the DeleteServiceLinkedRole operation in the format task/aws-service-role///.
        public let deletionTaskId: String

        @inlinable
        public init(deletionTaskId: String) {
            self.deletionTaskId = deletionTaskId
        }

        public func validate(name: String) throws {
            try self.validate(self.deletionTaskId, name: "deletionTaskId", parent: name, max: 1000)
            try self.validate(self.deletionTaskId, name: "deletionTaskId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case deletionTaskId = "DeletionTaskId"
        }
    }

    public struct GetServiceLinkedRoleDeletionStatusResponse: AWSDecodableShape {
        /// An object that contains details about the reason the deletion failed.
        public let reason: DeletionTaskFailureReasonType?
        /// The status of the deletion.
        public let status: DeletionTaskStatusType

        @inlinable
        public init(reason: DeletionTaskFailureReasonType? = nil, status: DeletionTaskStatusType) {
            self.reason = reason
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case reason = "Reason"
            case status = "Status"
        }
    }

    public struct GetUserPolicyRequest: AWSEncodableShape {
        /// The name of the policy document to get. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let policyName: String
        /// The name of the user who the policy is associated with. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(policyName: String, userName: String) {
            self.policyName = policyName
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.policyName, name: "policyName", parent: name, max: 128)
            try self.validate(self.policyName, name: "policyName", parent: name, min: 1)
            try self.validate(self.policyName, name: "policyName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyName = "PolicyName"
            case userName = "UserName"
        }
    }

    public struct GetUserPolicyResponse: AWSDecodableShape {
        /// The policy document. IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
        public let policyDocument: String
        /// The name of the policy.
        public let policyName: String
        /// The user the policy is associated with.
        public let userName: String

        @inlinable
        public init(policyDocument: String, policyName: String, userName: String) {
            self.policyDocument = policyDocument
            self.policyName = policyName
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case policyDocument = "PolicyDocument"
            case policyName = "PolicyName"
            case userName = "UserName"
        }
    }

    public struct GetUserRequest: AWSEncodableShape {
        /// The name of the user to get information about. This parameter is optional. If it is not included, it defaults to the user making the request. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(userName: String? = nil) {
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case userName = "UserName"
        }
    }

    public struct GetUserResponse: AWSDecodableShape {
        /// A structure containing details about the IAM user.  Due to a service issue, password last used data does not include password use from May 3, 2018 22:50 PDT to May 23, 2018 14:08 PDT. This affects last sign-in dates shown in the IAM console and password last used dates in the IAM credential report, and returned by this operation. If users signed in during the affected time, the password last used date that is returned is the date the user last signed in before May 3, 2018. For users that signed in after May 23, 2018 14:08 PDT, the returned password last used date is accurate. You can use password last used information to identify unused credentials for deletion. For example, you might delete users who did not sign in to Amazon Web Services in the last 90 days. In cases like this, we recommend that you adjust your evaluation window to include dates after May 23, 2018. Alternatively, if your users use access keys to access Amazon Web Services programmatically you can refer to access key last used information because it is accurate for all dates.
        public let user: User

        @inlinable
        public init(user: User) {
            self.user = user
        }

        private enum CodingKeys: String, CodingKey {
            case user = "User"
        }
    }

    public struct Group: AWSDecodableShape {
        ///  The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.
        public let arn: String
        /// The date and time, in ISO 8601 date-time format, when the group was created.
        public let createDate: Date
        ///  The stable and unique string identifying the group. For more information about IDs, see IAM identifiers in the IAM User Guide.
        public let groupId: String
        /// The friendly name that identifies the group.
        public let groupName: String
        /// The path to the group. For more information about paths, see IAM identifiers in the IAM User Guide.
        public let path: String

        @inlinable
        public init(arn: String, createDate: Date, groupId: String, groupName: String, path: String) {
            self.arn = arn
            self.createDate = createDate
            self.groupId = groupId
            self.groupName = groupName
            self.path = path
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case createDate = "CreateDate"
            case groupId = "GroupId"
            case groupName = "GroupName"
            case path = "Path"
        }
    }

    public struct GroupDetail: AWSDecodableShape {
        public let arn: String?
        /// A list of the managed policies attached to the group.
        @OptionalCustomCoding<StandardArrayCoder<AttachedPolicy>>
        public var attachedManagedPolicies: [AttachedPolicy]?
        /// The date and time, in ISO 8601 date-time format, when the group was created.
        public let createDate: Date?
        /// The stable and unique string identifying the group. For more information about IDs, see IAM identifiers in the IAM User Guide.
        public let groupId: String?
        /// The friendly name that identifies the group.
        public let groupName: String?
        /// A list of the inline policies embedded in the group.
        @OptionalCustomCoding<StandardArrayCoder<PolicyDetail>>
        public var groupPolicyList: [PolicyDetail]?
        /// The path to the group. For more information about paths, see IAM identifiers in the IAM User Guide.
        public let path: String?

        @inlinable
        public init(arn: String? = nil, attachedManagedPolicies: [AttachedPolicy]? = nil, createDate: Date? = nil, groupId: String? = nil, groupName: String? = nil, groupPolicyList: [PolicyDetail]? = nil, path: String? = nil) {
            self.arn = arn
            self.attachedManagedPolicies = attachedManagedPolicies
            self.createDate = createDate
            self.groupId = groupId
            self.groupName = groupName
            self.groupPolicyList = groupPolicyList
            self.path = path
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case attachedManagedPolicies = "AttachedManagedPolicies"
            case createDate = "CreateDate"
            case groupId = "GroupId"
            case groupName = "GroupName"
            case groupPolicyList = "GroupPolicyList"
            case path = "Path"
        }
    }

    public struct InstanceProfile: AWSDecodableShape {
        ///  The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.
        public let arn: String
        /// The date when the instance profile was created.
        public let createDate: Date
        ///  The stable and unique string identifying the instance profile. For more information about IDs, see IAM identifiers in the IAM User Guide.
        public let instanceProfileId: String
        /// The name identifying the instance profile.
        public let instanceProfileName: String
        ///  The path to the instance profile. For more information about paths, see IAM identifiers in the IAM User Guide.
        public let path: String
        /// The role associated with the instance profile.
        @CustomCoding<StandardArrayCoder<Role>>
        public var roles: [Role]
        /// A list of tags that are attached to the instance profile. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?

        @inlinable
        public init(arn: String, createDate: Date, instanceProfileId: String, instanceProfileName: String, path: String, roles: [Role], tags: [Tag]? = nil) {
            self.arn = arn
            self.createDate = createDate
            self.instanceProfileId = instanceProfileId
            self.instanceProfileName = instanceProfileName
            self.path = path
            self.roles = roles
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case createDate = "CreateDate"
            case instanceProfileId = "InstanceProfileId"
            case instanceProfileName = "InstanceProfileName"
            case path = "Path"
            case roles = "Roles"
            case tags = "Tags"
        }
    }

    public struct ListAccessKeysRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The name of the user. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, userName: String? = nil) {
            self.marker = marker
            self.maxItems = maxItems
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case userName = "UserName"
        }
    }

    public struct ListAccessKeysResponse: AWSDecodableShape {
        /// A list of objects containing metadata about the access keys.
        @CustomCoding<StandardArrayCoder<AccessKeyMetadata>>
        public var accessKeyMetadata: [AccessKeyMetadata]
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?

        @inlinable
        public init(accessKeyMetadata: [AccessKeyMetadata], isTruncated: Bool? = nil, marker: String? = nil) {
            self.accessKeyMetadata = accessKeyMetadata
            self.isTruncated = isTruncated
            self.marker = marker
        }

        private enum CodingKeys: String, CodingKey {
            case accessKeyMetadata = "AccessKeyMetadata"
            case isTruncated = "IsTruncated"
            case marker = "Marker"
        }
    }

    public struct ListAccountAliasesRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil) {
            self.marker = marker
            self.maxItems = maxItems
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
        }
    }

    public struct ListAccountAliasesResponse: AWSDecodableShape {
        /// A list of aliases associated with the account. Amazon Web Services supports only one alias per account.
        @CustomCoding<StandardArrayCoder<String>>
        public var accountAliases: [String]
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?

        @inlinable
        public init(accountAliases: [String], isTruncated: Bool? = nil, marker: String? = nil) {
            self.accountAliases = accountAliases
            self.isTruncated = isTruncated
            self.marker = marker
        }

        private enum CodingKeys: String, CodingKey {
            case accountAliases = "AccountAliases"
            case isTruncated = "IsTruncated"
            case marker = "Marker"
        }
    }

    public struct ListAttachedGroupPoliciesRequest: AWSEncodableShape {
        /// The name (friendly name, not ARN) of the group to list attached policies for. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let groupName: String
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let pathPrefix: String?

        @inlinable
        public init(groupName: String, marker: String? = nil, maxItems: Int? = nil, pathPrefix: String? = nil) {
            self.groupName = groupName
            self.marker = marker
            self.maxItems = maxItems
            self.pathPrefix = pathPrefix
        }

        public func validate(name: String) throws {
            try self.validate(self.groupName, name: "groupName", parent: name, max: 128)
            try self.validate(self.groupName, name: "groupName", parent: name, min: 1)
            try self.validate(self.groupName, name: "groupName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, max: 512)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, pattern: "^((/[A-Za-z0-9\\.,\\+@=_-]+)*)/$")
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
            case marker = "Marker"
            case maxItems = "MaxItems"
            case pathPrefix = "PathPrefix"
        }
    }

    public struct ListAttachedGroupPoliciesResponse: AWSDecodableShape {
        /// A list of the attached policies.
        @OptionalCustomCoding<StandardArrayCoder<AttachedPolicy>>
        public var attachedPolicies: [AttachedPolicy]?
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?

        @inlinable
        public init(attachedPolicies: [AttachedPolicy]? = nil, isTruncated: Bool? = nil, marker: String? = nil) {
            self.attachedPolicies = attachedPolicies
            self.isTruncated = isTruncated
            self.marker = marker
        }

        private enum CodingKeys: String, CodingKey {
            case attachedPolicies = "AttachedPolicies"
            case isTruncated = "IsTruncated"
            case marker = "Marker"
        }
    }

    public struct ListAttachedRolePoliciesRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let pathPrefix: String?
        /// The name (friendly name, not ARN) of the role to list attached policies for. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, pathPrefix: String? = nil, roleName: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.pathPrefix = pathPrefix
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, max: 512)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, pattern: "^((/[A-Za-z0-9\\.,\\+@=_-]+)*)/$")
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case pathPrefix = "PathPrefix"
            case roleName = "RoleName"
        }
    }

    public struct ListAttachedRolePoliciesResponse: AWSDecodableShape {
        /// A list of the attached policies.
        @OptionalCustomCoding<StandardArrayCoder<AttachedPolicy>>
        public var attachedPolicies: [AttachedPolicy]?
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?

        @inlinable
        public init(attachedPolicies: [AttachedPolicy]? = nil, isTruncated: Bool? = nil, marker: String? = nil) {
            self.attachedPolicies = attachedPolicies
            self.isTruncated = isTruncated
            self.marker = marker
        }

        private enum CodingKeys: String, CodingKey {
            case attachedPolicies = "AttachedPolicies"
            case isTruncated = "IsTruncated"
            case marker = "Marker"
        }
    }

    public struct ListAttachedUserPoliciesRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let pathPrefix: String?
        /// The name (friendly name, not ARN) of the user to list attached policies for. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, pathPrefix: String? = nil, userName: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.pathPrefix = pathPrefix
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, max: 512)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, pattern: "^((/[A-Za-z0-9\\.,\\+@=_-]+)*)/$")
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case pathPrefix = "PathPrefix"
            case userName = "UserName"
        }
    }

    public struct ListAttachedUserPoliciesResponse: AWSDecodableShape {
        /// A list of the attached policies.
        @OptionalCustomCoding<StandardArrayCoder<AttachedPolicy>>
        public var attachedPolicies: [AttachedPolicy]?
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?

        @inlinable
        public init(attachedPolicies: [AttachedPolicy]? = nil, isTruncated: Bool? = nil, marker: String? = nil) {
            self.attachedPolicies = attachedPolicies
            self.isTruncated = isTruncated
            self.marker = marker
        }

        private enum CodingKeys: String, CodingKey {
            case attachedPolicies = "AttachedPolicies"
            case isTruncated = "IsTruncated"
            case marker = "Marker"
        }
    }

    public struct ListEntitiesForPolicyRequest: AWSEncodableShape {
        /// The entity type to use for filtering the results. For example, when EntityFilter is Role, only the roles that are attached to the specified policy are returned. This parameter is optional. If it is not included, all attached entities (users, groups, and roles) are returned. The argument for this parameter must be one of the valid values listed below.
        public let entityFilter: EntityType?
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities. This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let pathPrefix: String?
        /// The Amazon Resource Name (ARN) of the IAM policy for which you want the versions. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String
        /// The policy usage method to use for filtering the results. To list only permissions policies, set PolicyUsageFilter to PermissionsPolicy. To list only the policies used to set permissions boundaries, set the value to PermissionsBoundary. This parameter is optional. If it is not included, all policies are returned.
        public let policyUsageFilter: PolicyUsageType?

        @inlinable
        public init(entityFilter: EntityType? = nil, marker: String? = nil, maxItems: Int? = nil, pathPrefix: String? = nil, policyArn: String, policyUsageFilter: PolicyUsageType? = nil) {
            self.entityFilter = entityFilter
            self.marker = marker
            self.maxItems = maxItems
            self.pathPrefix = pathPrefix
            self.policyArn = policyArn
            self.policyUsageFilter = policyUsageFilter
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, max: 512)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, pattern: "^(\\u002F)|(\\u002F[\\u0021-\\u007E]+\\u002F)$")
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case entityFilter = "EntityFilter"
            case marker = "Marker"
            case maxItems = "MaxItems"
            case pathPrefix = "PathPrefix"
            case policyArn = "PolicyArn"
            case policyUsageFilter = "PolicyUsageFilter"
        }
    }

    public struct ListEntitiesForPolicyResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A list of IAM groups that the policy is attached to.
        @OptionalCustomCoding<StandardArrayCoder<PolicyGroup>>
        public var policyGroups: [PolicyGroup]?
        /// A list of IAM roles that the policy is attached to.
        @OptionalCustomCoding<StandardArrayCoder<PolicyRole>>
        public var policyRoles: [PolicyRole]?
        /// A list of IAM users that the policy is attached to.
        @OptionalCustomCoding<StandardArrayCoder<PolicyUser>>
        public var policyUsers: [PolicyUser]?

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, policyGroups: [PolicyGroup]? = nil, policyRoles: [PolicyRole]? = nil, policyUsers: [PolicyUser]? = nil) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.policyGroups = policyGroups
            self.policyRoles = policyRoles
            self.policyUsers = policyUsers
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case policyGroups = "PolicyGroups"
            case policyRoles = "PolicyRoles"
            case policyUsers = "PolicyUsers"
        }
    }

    public struct ListGroupPoliciesRequest: AWSEncodableShape {
        /// The name of the group to list policies for. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let groupName: String
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?

        @inlinable
        public init(groupName: String, marker: String? = nil, maxItems: Int? = nil) {
            self.groupName = groupName
            self.marker = marker
            self.maxItems = maxItems
        }

        public func validate(name: String) throws {
            try self.validate(self.groupName, name: "groupName", parent: name, max: 128)
            try self.validate(self.groupName, name: "groupName", parent: name, min: 1)
            try self.validate(self.groupName, name: "groupName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
            case marker = "Marker"
            case maxItems = "MaxItems"
        }
    }

    public struct ListGroupPoliciesResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A list of policy names. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        @CustomCoding<StandardArrayCoder<String>>
        public var policyNames: [String]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, policyNames: [String]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.policyNames = policyNames
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case policyNames = "PolicyNames"
        }
    }

    public struct ListGroupsForUserRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The name of the user to list groups for. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, userName: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case userName = "UserName"
        }
    }

    public struct ListGroupsForUserResponse: AWSDecodableShape {
        /// A list of groups.
        @CustomCoding<StandardArrayCoder<Group>>
        public var groups: [Group]
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?

        @inlinable
        public init(groups: [Group], isTruncated: Bool? = nil, marker: String? = nil) {
            self.groups = groups
            self.isTruncated = isTruncated
            self.marker = marker
        }

        private enum CodingKeys: String, CodingKey {
            case groups = "Groups"
            case isTruncated = "IsTruncated"
            case marker = "Marker"
        }
    }

    public struct ListGroupsRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        ///  The path prefix for filtering the results. For example, the prefix /division_abc/subdivision_xyz/ gets all groups whose path starts with /division_abc/subdivision_xyz/. This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups. This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let pathPrefix: String?

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, pathPrefix: String? = nil) {
            self.marker = marker
            self.maxItems = maxItems
            self.pathPrefix = pathPrefix
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, max: 512)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, pattern: "^\\u002F[\\u0021-\\u007F]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case pathPrefix = "PathPrefix"
        }
    }

    public struct ListGroupsResponse: AWSDecodableShape {
        /// A list of groups.
        @CustomCoding<StandardArrayCoder<Group>>
        public var groups: [Group]
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?

        @inlinable
        public init(groups: [Group], isTruncated: Bool? = nil, marker: String? = nil) {
            self.groups = groups
            self.isTruncated = isTruncated
            self.marker = marker
        }

        private enum CodingKeys: String, CodingKey {
            case groups = "Groups"
            case isTruncated = "IsTruncated"
            case marker = "Marker"
        }
    }

    public struct ListInstanceProfileTagsRequest: AWSEncodableShape {
        /// The name of the IAM instance profile whose tags you want to see. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let instanceProfileName: String
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?

        @inlinable
        public init(instanceProfileName: String, marker: String? = nil, maxItems: Int? = nil) {
            self.instanceProfileName = instanceProfileName
            self.marker = marker
            self.maxItems = maxItems
        }

        public func validate(name: String) throws {
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, max: 128)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, min: 1)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case instanceProfileName = "InstanceProfileName"
            case marker = "Marker"
            case maxItems = "MaxItems"
        }
    }

    public struct ListInstanceProfileTagsResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// The list of tags that are currently attached to the IAM instance profile. Each tag consists of a key name and an associated value. If no tags are attached to the specified resource, the response contains an empty list.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, tags: [Tag]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case tags = "Tags"
        }
    }

    public struct ListInstanceProfilesForRoleRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The name of the role to list instance profiles for. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, roleName: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case roleName = "RoleName"
        }
    }

    public struct ListInstanceProfilesForRoleResponse: AWSDecodableShape {
        /// A list of instance profiles.
        @CustomCoding<StandardArrayCoder<InstanceProfile>>
        public var instanceProfiles: [InstanceProfile]
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?

        @inlinable
        public init(instanceProfiles: [InstanceProfile], isTruncated: Bool? = nil, marker: String? = nil) {
            self.instanceProfiles = instanceProfiles
            self.isTruncated = isTruncated
            self.marker = marker
        }

        private enum CodingKeys: String, CodingKey {
            case instanceProfiles = "InstanceProfiles"
            case isTruncated = "IsTruncated"
            case marker = "Marker"
        }
    }

    public struct ListInstanceProfilesRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        ///  The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/ gets all instance profiles whose path starts with /application_abc/component_xyz/. This parameter is optional. If it is not included, it defaults to a slash (/), listing all instance profiles. This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let pathPrefix: String?

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, pathPrefix: String? = nil) {
            self.marker = marker
            self.maxItems = maxItems
            self.pathPrefix = pathPrefix
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, max: 512)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, pattern: "^\\u002F[\\u0021-\\u007F]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case pathPrefix = "PathPrefix"
        }
    }

    public struct ListInstanceProfilesResponse: AWSDecodableShape {
        /// A list of instance profiles.
        @CustomCoding<StandardArrayCoder<InstanceProfile>>
        public var instanceProfiles: [InstanceProfile]
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?

        @inlinable
        public init(instanceProfiles: [InstanceProfile], isTruncated: Bool? = nil, marker: String? = nil) {
            self.instanceProfiles = instanceProfiles
            self.isTruncated = isTruncated
            self.marker = marker
        }

        private enum CodingKeys: String, CodingKey {
            case instanceProfiles = "InstanceProfiles"
            case isTruncated = "IsTruncated"
            case marker = "Marker"
        }
    }

    public struct ListMFADeviceTagsRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The unique identifier for the IAM virtual MFA device whose tags you want to see. For virtual MFA devices, the serial number is the same as the ARN. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let serialNumber: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, serialNumber: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.serialNumber = serialNumber
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, max: 256)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, min: 9)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, pattern: "^[\\w+=/:,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case serialNumber = "SerialNumber"
        }
    }

    public struct ListMFADeviceTagsResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// The list of tags that are currently attached to the virtual MFA device. Each tag consists of a key name and an associated value. If no tags are attached to the specified resource, the response contains an empty list.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, tags: [Tag]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case tags = "Tags"
        }
    }

    public struct ListMFADevicesRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The name of the user whose MFA devices you want to list. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, userName: String? = nil) {
            self.marker = marker
            self.maxItems = maxItems
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case userName = "UserName"
        }
    }

    public struct ListMFADevicesResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A list of MFA devices.
        @CustomCoding<StandardArrayCoder<MFADevice>>
        public var mfaDevices: [MFADevice]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, mfaDevices: [MFADevice]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.mfaDevices = mfaDevices
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case mfaDevices = "MFADevices"
        }
    }

    public struct ListOpenIDConnectProviderTagsRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The ARN of the OpenID Connect (OIDC) identity provider whose tags you want to see. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let openIDConnectProviderArn: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, openIDConnectProviderArn: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.openIDConnectProviderArn = openIDConnectProviderArn
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, max: 2048)
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case openIDConnectProviderArn = "OpenIDConnectProviderArn"
        }
    }

    public struct ListOpenIDConnectProviderTagsResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// The list of tags that are currently attached to the OpenID Connect (OIDC) identity provider. Each tag consists of a key name and an associated value. If no tags are attached to the specified resource, the response contains an empty list.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, tags: [Tag]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case tags = "Tags"
        }
    }

    public struct ListOpenIDConnectProvidersRequest: AWSEncodableShape {
        public init() {}
    }

    public struct ListOpenIDConnectProvidersResponse: AWSDecodableShape {
        /// The list of IAM OIDC provider resource objects defined in the Amazon Web Services account.
        @OptionalCustomCoding<StandardArrayCoder<OpenIDConnectProviderListEntry>>
        public var openIDConnectProviderList: [OpenIDConnectProviderListEntry]?

        @inlinable
        public init(openIDConnectProviderList: [OpenIDConnectProviderListEntry]? = nil) {
            self.openIDConnectProviderList = openIDConnectProviderList
        }

        private enum CodingKeys: String, CodingKey {
            case openIDConnectProviderList = "OpenIDConnectProviderList"
        }
    }

    public struct ListOrganizationsFeaturesRequest: AWSEncodableShape {
        public init() {}
    }

    public struct ListOrganizationsFeaturesResponse: AWSDecodableShape {
        /// Specifies the features that are currently available in your organization.
        @OptionalCustomCoding<StandardArrayCoder<FeatureType>>
        public var enabledFeatures: [FeatureType]?
        /// The unique identifier (ID) of an organization.
        public let organizationId: String?

        @inlinable
        public init(enabledFeatures: [FeatureType]? = nil, organizationId: String? = nil) {
            self.enabledFeatures = enabledFeatures
            self.organizationId = organizationId
        }

        private enum CodingKeys: String, CodingKey {
            case enabledFeatures = "EnabledFeatures"
            case organizationId = "OrganizationId"
        }
    }

    public struct ListPoliciesGrantingServiceAccessEntry: AWSDecodableShape {
        /// The PoliciesGrantingServiceAccess object that contains details about the policy.
        @OptionalCustomCoding<StandardArrayCoder<PolicyGrantingServiceAccess>>
        public var policies: [PolicyGrantingServiceAccess]?
        /// The namespace of the service that was accessed. To learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.
        public let serviceNamespace: String?

        @inlinable
        public init(policies: [PolicyGrantingServiceAccess]? = nil, serviceNamespace: String? = nil) {
            self.policies = policies
            self.serviceNamespace = serviceNamespace
        }

        private enum CodingKeys: String, CodingKey {
            case policies = "Policies"
            case serviceNamespace = "ServiceNamespace"
        }
    }

    public struct ListPoliciesGrantingServiceAccessRequest: AWSEncodableShape {
        /// The ARN of the IAM identity (user, group, or role) whose policies you want to list.
        public let arn: String
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// The service namespace for the Amazon Web Services services whose policies you want to list. To learn the service namespace for a service, see Actions, resources, and condition keys for Amazon Web Services services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.
        @CustomCoding<StandardArrayCoder<String>>
        public var serviceNamespaces: [String]

        @inlinable
        public init(arn: String, marker: String? = nil, serviceNamespaces: [String]) {
            self.arn = arn
            self.marker = marker
            self.serviceNamespaces = serviceNamespaces
        }

        public func validate(name: String) throws {
            try self.validate(self.arn, name: "arn", parent: name, max: 2048)
            try self.validate(self.arn, name: "arn", parent: name, min: 20)
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.serviceNamespaces.forEach {
                try validate($0, name: "serviceNamespaces[]", parent: name, max: 64)
                try validate($0, name: "serviceNamespaces[]", parent: name, min: 1)
                try validate($0, name: "serviceNamespaces[]", parent: name, pattern: "^[\\w-]*$")
            }
            try self.validate(self.serviceNamespaces, name: "serviceNamespaces", parent: name, max: 200)
            try self.validate(self.serviceNamespaces, name: "serviceNamespaces", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case marker = "Marker"
            case serviceNamespaces = "ServiceNamespaces"
        }
    }

    public struct ListPoliciesGrantingServiceAccessResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A ListPoliciesGrantingServiceAccess object that contains details about the permissions policies attached to the specified identity (user, group, or role).
        @CustomCoding<StandardArrayCoder<ListPoliciesGrantingServiceAccessEntry>>
        public var policiesGrantingServiceAccess: [ListPoliciesGrantingServiceAccessEntry]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, policiesGrantingServiceAccess: [ListPoliciesGrantingServiceAccessEntry]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.policiesGrantingServiceAccess = policiesGrantingServiceAccess
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case policiesGrantingServiceAccess = "PoliciesGrantingServiceAccess"
        }
    }

    public struct ListPoliciesRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// A flag to filter the results to only the attached policies. When OnlyAttached is true, the returned list contains only the policies that are attached to an IAM user, group, or role. When OnlyAttached is false, or when the parameter is not included, all policies are returned.
        public let onlyAttached: Bool?
        /// The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let pathPrefix: String?
        /// The policy usage method to use for filtering the results. To list only permissions policies, set PolicyUsageFilter to PermissionsPolicy. To list only the policies used to set permissions boundaries, set the value to PermissionsBoundary. This parameter is optional. If it is not included, all policies are returned.
        public let policyUsageFilter: PolicyUsageType?
        /// The scope to use for filtering the results. To list only Amazon Web Services managed policies, set Scope to AWS. To list only the customer managed policies in your Amazon Web Services account, set Scope to Local. This parameter is optional. If it is not included, or if it is set to All, all policies are returned.
        public let scope: PolicyScopeType?

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, onlyAttached: Bool? = nil, pathPrefix: String? = nil, policyUsageFilter: PolicyUsageType? = nil, scope: PolicyScopeType? = nil) {
            self.marker = marker
            self.maxItems = maxItems
            self.onlyAttached = onlyAttached
            self.pathPrefix = pathPrefix
            self.policyUsageFilter = policyUsageFilter
            self.scope = scope
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, max: 512)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, pattern: "^((/[A-Za-z0-9\\.,\\+@=_-]+)*)/$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case onlyAttached = "OnlyAttached"
            case pathPrefix = "PathPrefix"
            case policyUsageFilter = "PolicyUsageFilter"
            case scope = "Scope"
        }
    }

    public struct ListPoliciesResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A list of policies.
        @OptionalCustomCoding<StandardArrayCoder<Policy>>
        public var policies: [Policy]?

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, policies: [Policy]? = nil) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.policies = policies
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case policies = "Policies"
        }
    }

    public struct ListPolicyTagsRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The ARN of the IAM customer managed policy whose tags you want to see. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let policyArn: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, policyArn: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.policyArn = policyArn
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case policyArn = "PolicyArn"
        }
    }

    public struct ListPolicyTagsResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// The list of tags that are currently attached to the IAM customer managed policy. Each tag consists of a key name and an associated value. If no tags are attached to the specified resource, the response contains an empty list.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, tags: [Tag]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case tags = "Tags"
        }
    }

    public struct ListPolicyVersionsRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The Amazon Resource Name (ARN) of the IAM policy for which you want the versions. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, policyArn: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.policyArn = policyArn
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case policyArn = "PolicyArn"
        }
    }

    public struct ListPolicyVersionsResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A list of policy versions. For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<PolicyVersion>>
        public var versions: [PolicyVersion]?

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, versions: [PolicyVersion]? = nil) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.versions = versions
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case versions = "Versions"
        }
    }

    public struct ListRolePoliciesRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The name of the role to list policies for. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, roleName: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case roleName = "RoleName"
        }
    }

    public struct ListRolePoliciesResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A list of policy names.
        @CustomCoding<StandardArrayCoder<String>>
        public var policyNames: [String]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, policyNames: [String]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.policyNames = policyNames
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case policyNames = "PolicyNames"
        }
    }

    public struct ListRoleTagsRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The name of the IAM role for which you want to see the list of tags. This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, roleName: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case roleName = "RoleName"
        }
    }

    public struct ListRoleTagsResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// The list of tags that are currently attached to the role. Each tag consists of a key name and an associated value. If no tags are attached to the specified resource, the response contains an empty list.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, tags: [Tag]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case tags = "Tags"
        }
    }

    public struct ListRolesRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        ///  The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/ gets all roles whose path starts with /application_abc/component_xyz/. This parameter is optional. If it is not included, it defaults to a slash (/), listing all roles. This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let pathPrefix: String?

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, pathPrefix: String? = nil) {
            self.marker = marker
            self.maxItems = maxItems
            self.pathPrefix = pathPrefix
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, max: 512)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, pattern: "^\\u002F[\\u0021-\\u007F]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case pathPrefix = "PathPrefix"
        }
    }

    public struct ListRolesResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A list of roles.
        @CustomCoding<StandardArrayCoder<Role>>
        public var roles: [Role]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, roles: [Role]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.roles = roles
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case roles = "Roles"
        }
    }

    public struct ListSAMLProviderTagsRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The ARN of the Security Assertion Markup Language (SAML) identity provider whose tags you want to see. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let samlProviderArn: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, samlProviderArn: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.samlProviderArn = samlProviderArn
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.samlProviderArn, name: "samlProviderArn", parent: name, max: 2048)
            try self.validate(self.samlProviderArn, name: "samlProviderArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case samlProviderArn = "SAMLProviderArn"
        }
    }

    public struct ListSAMLProviderTagsResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// The list of tags that are currently attached to the Security Assertion Markup Language (SAML) identity provider. Each tag consists of a key name and an associated value. If no tags are attached to the specified resource, the response contains an empty list.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, tags: [Tag]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case tags = "Tags"
        }
    }

    public struct ListSAMLProvidersRequest: AWSEncodableShape {
        public init() {}
    }

    public struct ListSAMLProvidersResponse: AWSDecodableShape {
        /// The list of SAML provider resource objects defined in IAM for this Amazon Web Services account.
        @OptionalCustomCoding<StandardArrayCoder<SAMLProviderListEntry>>
        public var samlProviderList: [SAMLProviderListEntry]?

        @inlinable
        public init(samlProviderList: [SAMLProviderListEntry]? = nil) {
            self.samlProviderList = samlProviderList
        }

        private enum CodingKeys: String, CodingKey {
            case samlProviderList = "SAMLProviderList"
        }
    }

    public struct ListSSHPublicKeysRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the Amazon Web Services access key used to sign the request. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, userName: String? = nil) {
            self.marker = marker
            self.maxItems = maxItems
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case userName = "UserName"
        }
    }

    public struct ListSSHPublicKeysResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A list of the SSH public keys assigned to IAM user.
        @OptionalCustomCoding<StandardArrayCoder<SSHPublicKeyMetadata>>
        public var sshPublicKeys: [SSHPublicKeyMetadata]?

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, sshPublicKeys: [SSHPublicKeyMetadata]? = nil) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.sshPublicKeys = sshPublicKeys
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case sshPublicKeys = "SSHPublicKeys"
        }
    }

    public struct ListServerCertificateTagsRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The name of the IAM server certificate whose tags you want to see. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let serverCertificateName: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, serverCertificateName: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.serverCertificateName = serverCertificateName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, max: 128)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, min: 1)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case serverCertificateName = "ServerCertificateName"
        }
    }

    public struct ListServerCertificateTagsResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// The list of tags that are currently attached to the IAM server certificate. Each tag consists of a key name and an associated value. If no tags are attached to the specified resource, the response contains an empty list.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, tags: [Tag]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case tags = "Tags"
        }
    }

    public struct ListServerCertificatesRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        ///  The path prefix for filtering the results. For example: /company/servercerts would get all server certificates for which the path starts with /company/servercerts. This parameter is optional. If it is not included, it defaults to a slash (/), listing all server certificates. This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let pathPrefix: String?

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, pathPrefix: String? = nil) {
            self.marker = marker
            self.maxItems = maxItems
            self.pathPrefix = pathPrefix
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, max: 512)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, pattern: "^\\u002F[\\u0021-\\u007F]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case pathPrefix = "PathPrefix"
        }
    }

    public struct ListServerCertificatesResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A list of server certificates.
        @CustomCoding<StandardArrayCoder<ServerCertificateMetadata>>
        public var serverCertificateMetadataList: [ServerCertificateMetadata]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, serverCertificateMetadataList: [ServerCertificateMetadata]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.serverCertificateMetadataList = serverCertificateMetadataList
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case serverCertificateMetadataList = "ServerCertificateMetadataList"
        }
    }

    public struct ListServiceSpecificCredentialsRequest: AWSEncodableShape {
        /// A flag indicating whether to list service specific credentials for all users. This parameter cannot be specified together with UserName. When true, returns all credentials associated with the specified service.
        public let allUsers: Bool?
        /// Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker from the response that you received to indicate where the next call should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
        public let maxItems: Int?
        /// Filters the returned results to only those for the specified Amazon Web Services service. If not specified, then Amazon Web Services returns service-specific credentials for all services.
        public let serviceName: String?
        /// The name of the user whose service-specific credentials you want information about. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(allUsers: Bool? = nil, marker: String? = nil, maxItems: Int? = nil, serviceName: String? = nil, userName: String? = nil) {
            self.allUsers = allUsers
            self.marker = marker
            self.maxItems = maxItems
            self.serviceName = serviceName
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case allUsers = "AllUsers"
            case marker = "Marker"
            case maxItems = "MaxItems"
            case serviceName = "ServiceName"
            case userName = "UserName"
        }
    }

    public struct ListServiceSpecificCredentialsResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
        public let marker: String?
        /// A list of structures that each contain details about a service-specific credential.
        @OptionalCustomCoding<StandardArrayCoder<ServiceSpecificCredentialMetadata>>
        public var serviceSpecificCredentials: [ServiceSpecificCredentialMetadata]?

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, serviceSpecificCredentials: [ServiceSpecificCredentialMetadata]? = nil) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.serviceSpecificCredentials = serviceSpecificCredentials
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case serviceSpecificCredentials = "ServiceSpecificCredentials"
        }
    }

    public struct ListSigningCertificatesRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The name of the IAM user whose signing certificates you want to examine. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, userName: String? = nil) {
            self.marker = marker
            self.maxItems = maxItems
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case userName = "UserName"
        }
    }

    public struct ListSigningCertificatesResponse: AWSDecodableShape {
        /// A list of the user's signing certificate information.
        @CustomCoding<StandardArrayCoder<SigningCertificate>>
        public var certificates: [SigningCertificate]
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?

        @inlinable
        public init(certificates: [SigningCertificate], isTruncated: Bool? = nil, marker: String? = nil) {
            self.certificates = certificates
            self.isTruncated = isTruncated
            self.marker = marker
        }

        private enum CodingKeys: String, CodingKey {
            case certificates = "Certificates"
            case isTruncated = "IsTruncated"
            case marker = "Marker"
        }
    }

    public struct ListUserPoliciesRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The name of the user to list policies for. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, userName: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case userName = "UserName"
        }
    }

    public struct ListUserPoliciesResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A list of policy names.
        @CustomCoding<StandardArrayCoder<String>>
        public var policyNames: [String]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, policyNames: [String]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.policyNames = policyNames
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case policyNames = "PolicyNames"
        }
    }

    public struct ListUserTagsRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The name of the IAM user whose tags you want to see. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, userName: String) {
            self.marker = marker
            self.maxItems = maxItems
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case userName = "UserName"
        }
    }

    public struct ListUserTagsResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// The list of tags that are currently attached to the user. Each tag consists of a key name and an associated value. If no tags are attached to the specified resource, the response contains an empty list.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, tags: [Tag]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case tags = "Tags"
        }
    }

    public struct ListUsersRequest: AWSEncodableShape {
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        ///  The path prefix for filtering the results. For example: /division_abc/subdivision_xyz/, which would get all user names whose path starts with /division_abc/subdivision_xyz/. This parameter is optional. If it is not included, it defaults to a slash (/), listing all user names. This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let pathPrefix: String?

        @inlinable
        public init(marker: String? = nil, maxItems: Int? = nil, pathPrefix: String? = nil) {
            self.marker = marker
            self.maxItems = maxItems
            self.pathPrefix = pathPrefix
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, max: 512)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, min: 1)
            try self.validate(self.pathPrefix, name: "pathPrefix", parent: name, pattern: "^\\u002F[\\u0021-\\u007F]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case marker = "Marker"
            case maxItems = "MaxItems"
            case pathPrefix = "PathPrefix"
        }
    }

    public struct ListUsersResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?
        /// A list of users.
        @CustomCoding<StandardArrayCoder<User>>
        public var users: [User]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, users: [User]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.users = users
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case users = "Users"
        }
    }

    public struct ListVirtualMFADevicesRequest: AWSEncodableShape {
        ///  The status (Unassigned or Assigned) of the devices to list. If you do not specify an AssignmentStatus, the operation defaults to Any, which lists both assigned and unassigned virtual MFA devices.,
        public let assignmentStatus: AssignmentStatusType?
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?

        @inlinable
        public init(assignmentStatus: AssignmentStatusType? = nil, marker: String? = nil, maxItems: Int? = nil) {
            self.assignmentStatus = assignmentStatus
            self.marker = marker
            self.maxItems = maxItems
        }

        public func validate(name: String) throws {
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case assignmentStatus = "AssignmentStatus"
            case marker = "Marker"
            case maxItems = "MaxItems"
        }
    }

    public struct ListVirtualMFADevicesResponse: AWSDecodableShape {
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
        public let marker: String?
        ///  The list of virtual MFA devices in the current account that match the AssignmentStatus value that was passed in the request.
        @CustomCoding<StandardArrayCoder<VirtualMFADevice>>
        public var virtualMFADevices: [VirtualMFADevice]

        @inlinable
        public init(isTruncated: Bool? = nil, marker: String? = nil, virtualMFADevices: [VirtualMFADevice]) {
            self.isTruncated = isTruncated
            self.marker = marker
            self.virtualMFADevices = virtualMFADevices
        }

        private enum CodingKeys: String, CodingKey {
            case isTruncated = "IsTruncated"
            case marker = "Marker"
            case virtualMFADevices = "VirtualMFADevices"
        }
    }

    public struct LoginProfile: AWSDecodableShape {
        /// The date when the password for the user was created.
        public let createDate: Date
        /// Specifies whether the user is required to set a new password on next sign-in.
        public let passwordResetRequired: Bool?
        /// The name of the user, which can be used for signing in to the Amazon Web Services Management Console.
        public let userName: String

        @inlinable
        public init(createDate: Date, passwordResetRequired: Bool? = nil, userName: String) {
            self.createDate = createDate
            self.passwordResetRequired = passwordResetRequired
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case createDate = "CreateDate"
            case passwordResetRequired = "PasswordResetRequired"
            case userName = "UserName"
        }
    }

    public struct MFADevice: AWSDecodableShape {
        /// The date when the MFA device was enabled for the user.
        public let enableDate: Date
        /// The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
        public let serialNumber: String
        /// The user with whom the MFA device is associated.
        public let userName: String

        @inlinable
        public init(enableDate: Date, serialNumber: String, userName: String) {
            self.enableDate = enableDate
            self.serialNumber = serialNumber
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case enableDate = "EnableDate"
            case serialNumber = "SerialNumber"
            case userName = "UserName"
        }
    }

    public struct ManagedPolicyDetail: AWSDecodableShape {
        public let arn: String?
        /// The number of principal entities (users, groups, and roles) that the policy is attached to.
        public let attachmentCount: Int?
        /// The date and time, in ISO 8601 date-time format, when the policy was created.
        public let createDate: Date?
        /// The identifier for the version of the policy that is set as the default (operative) version. For more information about policy versions, see Versioning for managed policies in the IAM User Guide.
        public let defaultVersionId: String?
        /// A friendly description of the policy.
        public let description: String?
        /// Specifies whether the policy can be attached to an IAM user, group, or role.
        public let isAttachable: Bool?
        /// The path to the policy. For more information about paths, see IAM identifiers in the IAM User Guide.
        public let path: String?
        /// The number of entities (users and roles) for which the policy is used as the permissions boundary.  For more information about permissions boundaries, see Permissions boundaries for IAM identities  in the IAM User Guide.
        public let permissionsBoundaryUsageCount: Int?
        /// The stable and unique string identifying the policy. For more information about IDs, see IAM identifiers in the IAM User Guide.
        public let policyId: String?
        /// The friendly name (not ARN) identifying the policy.
        public let policyName: String?
        /// A list containing information about the versions of the policy.
        @OptionalCustomCoding<StandardArrayCoder<PolicyVersion>>
        public var policyVersionList: [PolicyVersion]?
        /// The date and time, in ISO 8601 date-time format, when the policy was last updated. When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
        public let updateDate: Date?

        @inlinable
        public init(arn: String? = nil, attachmentCount: Int? = nil, createDate: Date? = nil, defaultVersionId: String? = nil, description: String? = nil, isAttachable: Bool? = nil, path: String? = nil, permissionsBoundaryUsageCount: Int? = nil, policyId: String? = nil, policyName: String? = nil, policyVersionList: [PolicyVersion]? = nil, updateDate: Date? = nil) {
            self.arn = arn
            self.attachmentCount = attachmentCount
            self.createDate = createDate
            self.defaultVersionId = defaultVersionId
            self.description = description
            self.isAttachable = isAttachable
            self.path = path
            self.permissionsBoundaryUsageCount = permissionsBoundaryUsageCount
            self.policyId = policyId
            self.policyName = policyName
            self.policyVersionList = policyVersionList
            self.updateDate = updateDate
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case attachmentCount = "AttachmentCount"
            case createDate = "CreateDate"
            case defaultVersionId = "DefaultVersionId"
            case description = "Description"
            case isAttachable = "IsAttachable"
            case path = "Path"
            case permissionsBoundaryUsageCount = "PermissionsBoundaryUsageCount"
            case policyId = "PolicyId"
            case policyName = "PolicyName"
            case policyVersionList = "PolicyVersionList"
            case updateDate = "UpdateDate"
        }
    }

    public struct OpenIDConnectProviderListEntry: AWSDecodableShape {
        public let arn: String?

        @inlinable
        public init(arn: String? = nil) {
            self.arn = arn
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
        }
    }

    public struct OrganizationsDecisionDetail: AWSDecodableShape {
        /// Specifies whether the simulated operation is allowed by the Organizations service control policies that impact the simulated user's account.
        public let allowedByOrganizations: Bool?

        @inlinable
        public init(allowedByOrganizations: Bool? = nil) {
            self.allowedByOrganizations = allowedByOrganizations
        }

        private enum CodingKeys: String, CodingKey {
            case allowedByOrganizations = "AllowedByOrganizations"
        }
    }

    public struct PasswordPolicy: AWSDecodableShape {
        /// Specifies whether IAM users are allowed to change their own password. Gives IAM users permissions to iam:ChangePassword for only their user and to the iam:GetAccountPasswordPolicy action. This option does not attach a permissions policy to each user, rather the permissions are applied at the account-level for all users by IAM.
        public let allowUsersToChangePassword: Bool?
        /// Indicates whether passwords in the account expire. Returns true if MaxPasswordAge contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.
        public let expirePasswords: Bool?
        /// Specifies whether IAM users are prevented from setting a new password via the Amazon Web Services Management Console after their password has expired. The IAM user cannot access the console until an administrator resets the password. IAM users with iam:ChangePassword permission and active access keys can reset their own expired console password using the CLI or API.
        public let hardExpiry: Bool?
        /// The number of days that an IAM user password is valid.
        public let maxPasswordAge: Int?
        /// Minimum length to require for IAM user passwords.
        public let minimumPasswordLength: Int?
        /// Specifies the number of previous passwords that IAM users are prevented from reusing.
        public let passwordReusePrevention: Int?
        /// Specifies whether IAM user passwords must contain at least one lowercase character (a to z).
        public let requireLowercaseCharacters: Bool?
        /// Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).
        public let requireNumbers: Bool?
        /// Specifies whether IAM user passwords must contain at least one of the following symbols: ! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
        public let requireSymbols: Bool?
        /// Specifies whether IAM user passwords must contain at least one uppercase character (A to Z).
        public let requireUppercaseCharacters: Bool?

        @inlinable
        public init(allowUsersToChangePassword: Bool? = nil, expirePasswords: Bool? = nil, hardExpiry: Bool? = nil, maxPasswordAge: Int? = nil, minimumPasswordLength: Int? = nil, passwordReusePrevention: Int? = nil, requireLowercaseCharacters: Bool? = nil, requireNumbers: Bool? = nil, requireSymbols: Bool? = nil, requireUppercaseCharacters: Bool? = nil) {
            self.allowUsersToChangePassword = allowUsersToChangePassword
            self.expirePasswords = expirePasswords
            self.hardExpiry = hardExpiry
            self.maxPasswordAge = maxPasswordAge
            self.minimumPasswordLength = minimumPasswordLength
            self.passwordReusePrevention = passwordReusePrevention
            self.requireLowercaseCharacters = requireLowercaseCharacters
            self.requireNumbers = requireNumbers
            self.requireSymbols = requireSymbols
            self.requireUppercaseCharacters = requireUppercaseCharacters
        }

        private enum CodingKeys: String, CodingKey {
            case allowUsersToChangePassword = "AllowUsersToChangePassword"
            case expirePasswords = "ExpirePasswords"
            case hardExpiry = "HardExpiry"
            case maxPasswordAge = "MaxPasswordAge"
            case minimumPasswordLength = "MinimumPasswordLength"
            case passwordReusePrevention = "PasswordReusePrevention"
            case requireLowercaseCharacters = "RequireLowercaseCharacters"
            case requireNumbers = "RequireNumbers"
            case requireSymbols = "RequireSymbols"
            case requireUppercaseCharacters = "RequireUppercaseCharacters"
        }
    }

    public struct PermissionsBoundaryDecisionDetail: AWSDecodableShape {
        /// Specifies whether an action is allowed by a permissions boundary that is applied to an IAM entity (user or role). A value of true means that the permissions boundary does not deny the action. This means that the policy includes an Allow statement that matches the request. In this case, if an identity-based policy also allows the action, the request is allowed. A value of false means that either the requested action is not allowed (implicitly denied) or that the action is explicitly denied by the permissions boundary. In both of these cases, the action is not allowed, regardless of the identity-based policy.
        public let allowedByPermissionsBoundary: Bool?

        @inlinable
        public init(allowedByPermissionsBoundary: Bool? = nil) {
            self.allowedByPermissionsBoundary = allowedByPermissionsBoundary
        }

        private enum CodingKeys: String, CodingKey {
            case allowedByPermissionsBoundary = "AllowedByPermissionsBoundary"
        }
    }

    public struct Policy: AWSDecodableShape {
        public let arn: String?
        /// The number of entities (users, groups, and roles) that the policy is attached to.
        public let attachmentCount: Int?
        /// The date and time, in ISO 8601 date-time format, when the policy was created.
        public let createDate: Date?
        /// The identifier for the version of the policy that is set as the default version.
        public let defaultVersionId: String?
        /// A friendly description of the policy. This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.
        public let description: String?
        /// Specifies whether the policy can be attached to an IAM user, group, or role.
        public let isAttachable: Bool?
        /// The path to the policy. For more information about paths, see IAM identifiers in the IAM User Guide.
        public let path: String?
        /// The number of entities (users and roles) for which the policy is used to set the permissions boundary.  For more information about permissions boundaries, see Permissions boundaries for IAM identities  in the IAM User Guide.
        public let permissionsBoundaryUsageCount: Int?
        /// The stable and unique string identifying the policy. For more information about IDs, see IAM identifiers in the IAM User Guide.
        public let policyId: String?
        /// The friendly name (not ARN) identifying the policy.
        public let policyName: String?
        /// A list of tags that are attached to the instance profile. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?
        /// The date and time, in ISO 8601 date-time format, when the policy was last updated. When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
        public let updateDate: Date?

        @inlinable
        public init(arn: String? = nil, attachmentCount: Int? = nil, createDate: Date? = nil, defaultVersionId: String? = nil, description: String? = nil, isAttachable: Bool? = nil, path: String? = nil, permissionsBoundaryUsageCount: Int? = nil, policyId: String? = nil, policyName: String? = nil, tags: [Tag]? = nil, updateDate: Date? = nil) {
            self.arn = arn
            self.attachmentCount = attachmentCount
            self.createDate = createDate
            self.defaultVersionId = defaultVersionId
            self.description = description
            self.isAttachable = isAttachable
            self.path = path
            self.permissionsBoundaryUsageCount = permissionsBoundaryUsageCount
            self.policyId = policyId
            self.policyName = policyName
            self.tags = tags
            self.updateDate = updateDate
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case attachmentCount = "AttachmentCount"
            case createDate = "CreateDate"
            case defaultVersionId = "DefaultVersionId"
            case description = "Description"
            case isAttachable = "IsAttachable"
            case path = "Path"
            case permissionsBoundaryUsageCount = "PermissionsBoundaryUsageCount"
            case policyId = "PolicyId"
            case policyName = "PolicyName"
            case tags = "Tags"
            case updateDate = "UpdateDate"
        }
    }

    public struct PolicyDetail: AWSDecodableShape {
        /// The policy document.
        public let policyDocument: String?
        /// The name of the policy.
        public let policyName: String?

        @inlinable
        public init(policyDocument: String? = nil, policyName: String? = nil) {
            self.policyDocument = policyDocument
            self.policyName = policyName
        }

        private enum CodingKeys: String, CodingKey {
            case policyDocument = "PolicyDocument"
            case policyName = "PolicyName"
        }
    }

    public struct PolicyGrantingServiceAccess: AWSDecodableShape {
        /// The name of the entity (user or role) to which the inline policy is attached. This field is null for managed policies. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.
        public let entityName: String?
        /// The type of entity (user or role) that used the policy to access the service to which the inline policy is attached. This field is null for managed policies. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.
        public let entityType: PolicyOwnerEntityType?
        public let policyArn: String?
        /// The policy name.
        public let policyName: String
        /// The policy type. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.
        public let policyType: PolicyType

        @inlinable
        public init(entityName: String? = nil, entityType: PolicyOwnerEntityType? = nil, policyArn: String? = nil, policyName: String, policyType: PolicyType) {
            self.entityName = entityName
            self.entityType = entityType
            self.policyArn = policyArn
            self.policyName = policyName
            self.policyType = policyType
        }

        private enum CodingKeys: String, CodingKey {
            case entityName = "EntityName"
            case entityType = "EntityType"
            case policyArn = "PolicyArn"
            case policyName = "PolicyName"
            case policyType = "PolicyType"
        }
    }

    public struct PolicyGroup: AWSDecodableShape {
        /// The stable and unique string identifying the group. For more information about IDs, see IAM identifiers in the IAM User Guide.
        public let groupId: String?
        /// The name (friendly name, not ARN) identifying the group.
        public let groupName: String?

        @inlinable
        public init(groupId: String? = nil, groupName: String? = nil) {
            self.groupId = groupId
            self.groupName = groupName
        }

        private enum CodingKeys: String, CodingKey {
            case groupId = "GroupId"
            case groupName = "GroupName"
        }
    }

    public struct PolicyRole: AWSDecodableShape {
        /// The stable and unique string identifying the role. For more information about IDs, see IAM identifiers in the IAM User Guide.
        public let roleId: String?
        /// The name (friendly name, not ARN) identifying the role.
        public let roleName: String?

        @inlinable
        public init(roleId: String? = nil, roleName: String? = nil) {
            self.roleId = roleId
            self.roleName = roleName
        }

        private enum CodingKeys: String, CodingKey {
            case roleId = "RoleId"
            case roleName = "RoleName"
        }
    }

    public struct PolicyUser: AWSDecodableShape {
        /// The stable and unique string identifying the user. For more information about IDs, see IAM identifiers in the IAM User Guide.
        public let userId: String?
        /// The name (friendly name, not ARN) identifying the user.
        public let userName: String?

        @inlinable
        public init(userId: String? = nil, userName: String? = nil) {
            self.userId = userId
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case userId = "UserId"
            case userName = "UserName"
        }
    }

    public struct PolicyVersion: AWSDecodableShape {
        /// The date and time, in ISO 8601 date-time format, when the policy version was created.
        public let createDate: Date?
        /// The policy document. The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.  The policy document returned in this structure is URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.
        public let document: String?
        /// Specifies whether the policy version is set as the policy's default version.
        public let isDefaultVersion: Bool?
        /// The identifier for the policy version. Policy version identifiers always begin with v (always lowercase). When a policy is created, the first policy version is v1.
        public let versionId: String?

        @inlinable
        public init(createDate: Date? = nil, document: String? = nil, isDefaultVersion: Bool? = nil, versionId: String? = nil) {
            self.createDate = createDate
            self.document = document
            self.isDefaultVersion = isDefaultVersion
            self.versionId = versionId
        }

        private enum CodingKeys: String, CodingKey {
            case createDate = "CreateDate"
            case document = "Document"
            case isDefaultVersion = "IsDefaultVersion"
            case versionId = "VersionId"
        }
    }

    public struct Position: AWSDecodableShape {
        /// The column in the line containing the specified position in the document.
        public let column: Int?
        /// The line containing the specified position in the document.
        public let line: Int?

        @inlinable
        public init(column: Int? = nil, line: Int? = nil) {
            self.column = column
            self.line = line
        }

        private enum CodingKeys: String, CodingKey {
            case column = "Column"
            case line = "Line"
        }
    }

    public struct PutGroupPolicyRequest: AWSEncodableShape {
        /// The name of the group to associate the policy with. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-.
        public let groupName: String
        /// The policy document. You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        public let policyDocument: String
        /// The name of the policy document. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let policyName: String

        @inlinable
        public init(groupName: String, policyDocument: String, policyName: String) {
            self.groupName = groupName
            self.policyDocument = policyDocument
            self.policyName = policyName
        }

        public func validate(name: String) throws {
            try self.validate(self.groupName, name: "groupName", parent: name, max: 128)
            try self.validate(self.groupName, name: "groupName", parent: name, min: 1)
            try self.validate(self.groupName, name: "groupName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, max: 131072)
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, min: 1)
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.policyName, name: "policyName", parent: name, max: 128)
            try self.validate(self.policyName, name: "policyName", parent: name, min: 1)
            try self.validate(self.policyName, name: "policyName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
            case policyDocument = "PolicyDocument"
            case policyName = "PolicyName"
        }
    }

    public struct PutRolePermissionsBoundaryRequest: AWSEncodableShape {
        /// The ARN of the managed policy that is used to set the permissions boundary for the role. A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see Permissions boundaries for IAM entities in the IAM User Guide. For more information about policy types, see Policy types in the IAM User Guide.
        public let permissionsBoundary: String
        /// The name (friendly name, not ARN) of the IAM role for which you want to set the permissions boundary.
        public let roleName: String

        @inlinable
        public init(permissionsBoundary: String, roleName: String) {
            self.permissionsBoundary = permissionsBoundary
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.permissionsBoundary, name: "permissionsBoundary", parent: name, max: 2048)
            try self.validate(self.permissionsBoundary, name: "permissionsBoundary", parent: name, min: 20)
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case permissionsBoundary = "PermissionsBoundary"
            case roleName = "RoleName"
        }
    }

    public struct PutRolePolicyRequest: AWSEncodableShape {
        /// The policy document. You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        public let policyDocument: String
        /// The name of the policy document. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let policyName: String
        /// The name of the role to associate the policy with. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(policyDocument: String, policyName: String, roleName: String) {
            self.policyDocument = policyDocument
            self.policyName = policyName
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, max: 131072)
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, min: 1)
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.policyName, name: "policyName", parent: name, max: 128)
            try self.validate(self.policyName, name: "policyName", parent: name, min: 1)
            try self.validate(self.policyName, name: "policyName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyDocument = "PolicyDocument"
            case policyName = "PolicyName"
            case roleName = "RoleName"
        }
    }

    public struct PutUserPermissionsBoundaryRequest: AWSEncodableShape {
        /// The ARN of the managed policy that is used to set the permissions boundary for the user. A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see Permissions boundaries for IAM entities in the IAM User Guide. For more information about policy types, see Policy types in the IAM User Guide.
        public let permissionsBoundary: String
        /// The name (friendly name, not ARN) of the IAM user for which you want to set the permissions boundary.
        public let userName: String

        @inlinable
        public init(permissionsBoundary: String, userName: String) {
            self.permissionsBoundary = permissionsBoundary
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.permissionsBoundary, name: "permissionsBoundary", parent: name, max: 2048)
            try self.validate(self.permissionsBoundary, name: "permissionsBoundary", parent: name, min: 20)
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case permissionsBoundary = "PermissionsBoundary"
            case userName = "UserName"
        }
    }

    public struct PutUserPolicyRequest: AWSEncodableShape {
        /// The policy document. You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        public let policyDocument: String
        /// The name of the policy document. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let policyName: String
        /// The name of the user to associate the policy with. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(policyDocument: String, policyName: String, userName: String) {
            self.policyDocument = policyDocument
            self.policyName = policyName
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, max: 131072)
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, min: 1)
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.policyName, name: "policyName", parent: name, max: 128)
            try self.validate(self.policyName, name: "policyName", parent: name, min: 1)
            try self.validate(self.policyName, name: "policyName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyDocument = "PolicyDocument"
            case policyName = "PolicyName"
            case userName = "UserName"
        }
    }

    public struct RemoveClientIDFromOpenIDConnectProviderRequest: AWSEncodableShape {
        /// The client ID (also known as audience) to remove from the IAM OIDC provider resource. For more information about client IDs, see CreateOpenIDConnectProvider.
        public let clientID: String
        /// The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let openIDConnectProviderArn: String

        @inlinable
        public init(clientID: String, openIDConnectProviderArn: String) {
            self.clientID = clientID
            self.openIDConnectProviderArn = openIDConnectProviderArn
        }

        public func validate(name: String) throws {
            try self.validate(self.clientID, name: "clientID", parent: name, max: 255)
            try self.validate(self.clientID, name: "clientID", parent: name, min: 1)
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, max: 2048)
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case clientID = "ClientID"
            case openIDConnectProviderArn = "OpenIDConnectProviderArn"
        }
    }

    public struct RemoveRoleFromInstanceProfileRequest: AWSEncodableShape {
        /// The name of the instance profile to update. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let instanceProfileName: String
        /// The name of the role to remove. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(instanceProfileName: String, roleName: String) {
            self.instanceProfileName = instanceProfileName
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, max: 128)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, min: 1)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case instanceProfileName = "InstanceProfileName"
            case roleName = "RoleName"
        }
    }

    public struct RemoveUserFromGroupRequest: AWSEncodableShape {
        /// The name of the group to update. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let groupName: String
        /// The name of the user to remove. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(groupName: String, userName: String) {
            self.groupName = groupName
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.groupName, name: "groupName", parent: name, max: 128)
            try self.validate(self.groupName, name: "groupName", parent: name, min: 1)
            try self.validate(self.groupName, name: "groupName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
            case userName = "UserName"
        }
    }

    public struct ResetServiceSpecificCredentialRequest: AWSEncodableShape {
        /// The unique identifier of the service-specific credential. This parameter allows (through its regex pattern) a string of characters that can  consist of any upper or lowercased letter or digit.
        public let serviceSpecificCredentialId: String
        /// The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(serviceSpecificCredentialId: String, userName: String? = nil) {
            self.serviceSpecificCredentialId = serviceSpecificCredentialId
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.serviceSpecificCredentialId, name: "serviceSpecificCredentialId", parent: name, max: 128)
            try self.validate(self.serviceSpecificCredentialId, name: "serviceSpecificCredentialId", parent: name, min: 20)
            try self.validate(self.serviceSpecificCredentialId, name: "serviceSpecificCredentialId", parent: name, pattern: "^[\\w]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case serviceSpecificCredentialId = "ServiceSpecificCredentialId"
            case userName = "UserName"
        }
    }

    public struct ResetServiceSpecificCredentialResponse: AWSDecodableShape {
        /// A structure with details about the updated service-specific credential, including the new password.  This is the only time that you can access the password. You cannot recover the password later, but you can reset it again.
        public let serviceSpecificCredential: ServiceSpecificCredential?

        @inlinable
        public init(serviceSpecificCredential: ServiceSpecificCredential? = nil) {
            self.serviceSpecificCredential = serviceSpecificCredential
        }

        private enum CodingKeys: String, CodingKey {
            case serviceSpecificCredential = "ServiceSpecificCredential"
        }
    }

    public struct ResourceSpecificResult: AWSDecodableShape {
        /// Additional details about the results of the evaluation decision on a single resource. This parameter is returned only for cross-account simulations. This parameter explains how each policy type contributes to the resource-specific evaluation decision.
        @OptionalCustomCoding<StandardDictionaryCoder<String, PolicyEvaluationDecisionType>>
        public var evalDecisionDetails: [String: PolicyEvaluationDecisionType]?
        /// The result of the simulation of the simulated API operation on the resource specified in EvalResourceName.
        public let evalResourceDecision: PolicyEvaluationDecisionType
        /// The name of the simulated resource, in Amazon Resource Name (ARN) format.
        public let evalResourceName: String
        /// A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the operation on the resource, if any statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.
        @OptionalCustomCoding<StandardArrayCoder<Statement>>
        public var matchedStatements: [Statement]?
        /// A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when a list of ARNs is included in the ResourceArns parameter instead of "*". If you do not specify individual resources, by setting ResourceArns to "*" or by not including the ResourceArns parameter, then any missing context values are instead included under the EvaluationResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var missingContextValues: [String]?
        /// Contains information about the effect that a permissions boundary has on a policy simulation when that boundary is applied to an IAM entity.
        public let permissionsBoundaryDecisionDetail: PermissionsBoundaryDecisionDetail?

        @inlinable
        public init(evalDecisionDetails: [String: PolicyEvaluationDecisionType]? = nil, evalResourceDecision: PolicyEvaluationDecisionType, evalResourceName: String, matchedStatements: [Statement]? = nil, missingContextValues: [String]? = nil, permissionsBoundaryDecisionDetail: PermissionsBoundaryDecisionDetail? = nil) {
            self.evalDecisionDetails = evalDecisionDetails
            self.evalResourceDecision = evalResourceDecision
            self.evalResourceName = evalResourceName
            self.matchedStatements = matchedStatements
            self.missingContextValues = missingContextValues
            self.permissionsBoundaryDecisionDetail = permissionsBoundaryDecisionDetail
        }

        private enum CodingKeys: String, CodingKey {
            case evalDecisionDetails = "EvalDecisionDetails"
            case evalResourceDecision = "EvalResourceDecision"
            case evalResourceName = "EvalResourceName"
            case matchedStatements = "MatchedStatements"
            case missingContextValues = "MissingContextValues"
            case permissionsBoundaryDecisionDetail = "PermissionsBoundaryDecisionDetail"
        }
    }

    public struct ResyncMFADeviceRequest: AWSEncodableShape {
        /// An authentication code emitted by the device. The format for this parameter is a sequence of six digits.
        public let authenticationCode1: String
        /// A subsequent authentication code emitted by the device. The format for this parameter is a sequence of six digits.
        public let authenticationCode2: String
        /// Serial number that uniquely identifies the MFA device. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let serialNumber: String
        /// The name of the user whose MFA device you want to resynchronize. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(authenticationCode1: String, authenticationCode2: String, serialNumber: String, userName: String) {
            self.authenticationCode1 = authenticationCode1
            self.authenticationCode2 = authenticationCode2
            self.serialNumber = serialNumber
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.authenticationCode1, name: "authenticationCode1", parent: name, max: 6)
            try self.validate(self.authenticationCode1, name: "authenticationCode1", parent: name, min: 6)
            try self.validate(self.authenticationCode1, name: "authenticationCode1", parent: name, pattern: "^[\\d]+$")
            try self.validate(self.authenticationCode2, name: "authenticationCode2", parent: name, max: 6)
            try self.validate(self.authenticationCode2, name: "authenticationCode2", parent: name, min: 6)
            try self.validate(self.authenticationCode2, name: "authenticationCode2", parent: name, pattern: "^[\\d]+$")
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, max: 256)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, min: 9)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, pattern: "^[\\w+=/:,.@-]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case authenticationCode1 = "AuthenticationCode1"
            case authenticationCode2 = "AuthenticationCode2"
            case serialNumber = "SerialNumber"
            case userName = "UserName"
        }
    }

    public struct Role: AWSDecodableShape {
        ///  The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide guide.
        public let arn: String
        /// The policy that grants an entity permission to assume the role.
        public let assumeRolePolicyDocument: String?
        /// The date and time, in ISO 8601 date-time format, when the role was created.
        public let createDate: Date
        /// A description of the role that you provide.
        public let description: String?
        /// The maximum session duration (in seconds) for the specified role. Anyone who uses the CLI, or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter.
        public let maxSessionDuration: Int?
        ///  The path to the role. For more information about paths, see IAM identifiers in the IAM User Guide.
        public let path: String
        /// The ARN of the policy used to set the permissions boundary for the role. For more information about permissions boundaries, see Permissions boundaries for IAM identities  in the IAM User Guide.
        public let permissionsBoundary: AttachedPermissionsBoundary?
        ///  The stable and unique string identifying the role. For more information about IDs, see IAM identifiers in the IAM User Guide.
        public let roleId: String
        /// Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM user Guide.
        public let roleLastUsed: RoleLastUsed?
        /// The friendly name that identifies the role.
        public let roleName: String
        /// A list of tags that are attached to the role. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?

        @inlinable
        public init(arn: String, assumeRolePolicyDocument: String? = nil, createDate: Date, description: String? = nil, maxSessionDuration: Int? = nil, path: String, permissionsBoundary: AttachedPermissionsBoundary? = nil, roleId: String, roleLastUsed: RoleLastUsed? = nil, roleName: String, tags: [Tag]? = nil) {
            self.arn = arn
            self.assumeRolePolicyDocument = assumeRolePolicyDocument
            self.createDate = createDate
            self.description = description
            self.maxSessionDuration = maxSessionDuration
            self.path = path
            self.permissionsBoundary = permissionsBoundary
            self.roleId = roleId
            self.roleLastUsed = roleLastUsed
            self.roleName = roleName
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case assumeRolePolicyDocument = "AssumeRolePolicyDocument"
            case createDate = "CreateDate"
            case description = "Description"
            case maxSessionDuration = "MaxSessionDuration"
            case path = "Path"
            case permissionsBoundary = "PermissionsBoundary"
            case roleId = "RoleId"
            case roleLastUsed = "RoleLastUsed"
            case roleName = "RoleName"
            case tags = "Tags"
        }
    }

    public struct RoleDetail: AWSDecodableShape {
        public let arn: String?
        /// The trust policy that grants permission to assume the role.
        public let assumeRolePolicyDocument: String?
        /// A list of managed policies attached to the role. These policies are the role's access (permissions) policies.
        @OptionalCustomCoding<StandardArrayCoder<AttachedPolicy>>
        public var attachedManagedPolicies: [AttachedPolicy]?
        /// The date and time, in ISO 8601 date-time format, when the role was created.
        public let createDate: Date?
        /// A list of instance profiles that contain this role.
        @OptionalCustomCoding<StandardArrayCoder<InstanceProfile>>
        public var instanceProfileList: [InstanceProfile]?
        /// The path to the role. For more information about paths, see IAM identifiers in the IAM User Guide.
        public let path: String?
        /// The ARN of the policy used to set the permissions boundary for the role. For more information about permissions boundaries, see Permissions boundaries for IAM identities  in the IAM User Guide.
        public let permissionsBoundary: AttachedPermissionsBoundary?
        /// The stable and unique string identifying the role. For more information about IDs, see IAM identifiers in the IAM User Guide.
        public let roleId: String?
        /// Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.
        public let roleLastUsed: RoleLastUsed?
        /// The friendly name that identifies the role.
        public let roleName: String?
        /// A list of inline policies embedded in the role. These policies are the role's access (permissions) policies.
        @OptionalCustomCoding<StandardArrayCoder<PolicyDetail>>
        public var rolePolicyList: [PolicyDetail]?
        /// A list of tags that are attached to the role. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?

        @inlinable
        public init(arn: String? = nil, assumeRolePolicyDocument: String? = nil, attachedManagedPolicies: [AttachedPolicy]? = nil, createDate: Date? = nil, instanceProfileList: [InstanceProfile]? = nil, path: String? = nil, permissionsBoundary: AttachedPermissionsBoundary? = nil, roleId: String? = nil, roleLastUsed: RoleLastUsed? = nil, roleName: String? = nil, rolePolicyList: [PolicyDetail]? = nil, tags: [Tag]? = nil) {
            self.arn = arn
            self.assumeRolePolicyDocument = assumeRolePolicyDocument
            self.attachedManagedPolicies = attachedManagedPolicies
            self.createDate = createDate
            self.instanceProfileList = instanceProfileList
            self.path = path
            self.permissionsBoundary = permissionsBoundary
            self.roleId = roleId
            self.roleLastUsed = roleLastUsed
            self.roleName = roleName
            self.rolePolicyList = rolePolicyList
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case assumeRolePolicyDocument = "AssumeRolePolicyDocument"
            case attachedManagedPolicies = "AttachedManagedPolicies"
            case createDate = "CreateDate"
            case instanceProfileList = "InstanceProfileList"
            case path = "Path"
            case permissionsBoundary = "PermissionsBoundary"
            case roleId = "RoleId"
            case roleLastUsed = "RoleLastUsed"
            case roleName = "RoleName"
            case rolePolicyList = "RolePolicyList"
            case tags = "Tags"
        }
    }

    public struct RoleLastUsed: AWSDecodableShape {
        /// The date and time, in ISO 8601 date-time format that the role was last used. This field is null if the role has not been used within the IAM tracking period. For more information about the tracking period, see Regions where data is tracked in the IAM User Guide.
        public let lastUsedDate: Date?
        /// The name of the Amazon Web Services Region in which the role was last used.
        public let region: String?

        @inlinable
        public init(lastUsedDate: Date? = nil, region: String? = nil) {
            self.lastUsedDate = lastUsedDate
            self.region = region
        }

        private enum CodingKeys: String, CodingKey {
            case lastUsedDate = "LastUsedDate"
            case region = "Region"
        }
    }

    public struct RoleUsageType: AWSDecodableShape {
        /// The name of the Region where the service-linked role is being used.
        public let region: String?
        /// The name of the resource that is using the service-linked role.
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var resources: [String]?

        @inlinable
        public init(region: String? = nil, resources: [String]? = nil) {
            self.region = region
            self.resources = resources
        }

        private enum CodingKeys: String, CodingKey {
            case region = "Region"
            case resources = "Resources"
        }
    }

    public struct SAMLPrivateKey: AWSDecodableShape {
        /// The unique identifier for the SAML private key.
        public let keyId: String?
        /// The date and time, in ISO 8601 date-time format, when the private key was uploaded.
        public let timestamp: Date?

        @inlinable
        public init(keyId: String? = nil, timestamp: Date? = nil) {
            self.keyId = keyId
            self.timestamp = timestamp
        }

        private enum CodingKeys: String, CodingKey {
            case keyId = "KeyId"
            case timestamp = "Timestamp"
        }
    }

    public struct SAMLProviderListEntry: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the SAML provider.
        public let arn: String?
        /// The date and time when the SAML provider was created.
        public let createDate: Date?
        /// The expiration date and time for the SAML provider.
        public let validUntil: Date?

        @inlinable
        public init(arn: String? = nil, createDate: Date? = nil, validUntil: Date? = nil) {
            self.arn = arn
            self.createDate = createDate
            self.validUntil = validUntil
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case createDate = "CreateDate"
            case validUntil = "ValidUntil"
        }
    }

    public struct SSHPublicKey: AWSDecodableShape {
        /// The MD5 message digest of the SSH public key.
        public let fingerprint: String
        /// The SSH public key.
        public let sshPublicKeyBody: String
        /// The unique identifier for the SSH public key.
        public let sshPublicKeyId: String
        /// The status of the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used.
        public let status: StatusType
        /// The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
        public let uploadDate: Date?
        /// The name of the IAM user associated with the SSH public key.
        public let userName: String

        @inlinable
        public init(fingerprint: String, sshPublicKeyBody: String, sshPublicKeyId: String, status: StatusType, uploadDate: Date? = nil, userName: String) {
            self.fingerprint = fingerprint
            self.sshPublicKeyBody = sshPublicKeyBody
            self.sshPublicKeyId = sshPublicKeyId
            self.status = status
            self.uploadDate = uploadDate
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case fingerprint = "Fingerprint"
            case sshPublicKeyBody = "SSHPublicKeyBody"
            case sshPublicKeyId = "SSHPublicKeyId"
            case status = "Status"
            case uploadDate = "UploadDate"
            case userName = "UserName"
        }
    }

    public struct SSHPublicKeyMetadata: AWSDecodableShape {
        /// The unique identifier for the SSH public key.
        public let sshPublicKeyId: String
        /// The status of the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used.
        public let status: StatusType
        /// The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
        public let uploadDate: Date
        /// The name of the IAM user associated with the SSH public key.
        public let userName: String

        @inlinable
        public init(sshPublicKeyId: String, status: StatusType, uploadDate: Date, userName: String) {
            self.sshPublicKeyId = sshPublicKeyId
            self.status = status
            self.uploadDate = uploadDate
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case sshPublicKeyId = "SSHPublicKeyId"
            case status = "Status"
            case uploadDate = "UploadDate"
            case userName = "UserName"
        }
    }

    public struct ServerCertificate: AWSDecodableShape {
        /// The contents of the public key certificate.
        public let certificateBody: String
        /// The contents of the public key certificate chain.
        public let certificateChain: String?
        /// The meta information of the server certificate, such as its name, path, ID, and ARN.
        public let serverCertificateMetadata: ServerCertificateMetadata
        /// A list of tags that are attached to the server certificate. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?

        @inlinable
        public init(certificateBody: String, certificateChain: String? = nil, serverCertificateMetadata: ServerCertificateMetadata, tags: [Tag]? = nil) {
            self.certificateBody = certificateBody
            self.certificateChain = certificateChain
            self.serverCertificateMetadata = serverCertificateMetadata
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case certificateBody = "CertificateBody"
            case certificateChain = "CertificateChain"
            case serverCertificateMetadata = "ServerCertificateMetadata"
            case tags = "Tags"
        }
    }

    public struct ServerCertificateMetadata: AWSDecodableShape {
        ///  The Amazon Resource Name (ARN) specifying the server certificate. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.
        public let arn: String
        /// The date on which the certificate is set to expire.
        public let expiration: Date?
        ///  The path to the server certificate. For more information about paths, see IAM identifiers in the IAM User Guide.
        public let path: String
        ///  The stable and unique string identifying the server certificate. For more information about IDs, see IAM identifiers in the IAM User Guide.
        public let serverCertificateId: String
        /// The name that identifies the server certificate.
        public let serverCertificateName: String
        /// The date when the server certificate was uploaded.
        public let uploadDate: Date?

        @inlinable
        public init(arn: String, expiration: Date? = nil, path: String, serverCertificateId: String, serverCertificateName: String, uploadDate: Date? = nil) {
            self.arn = arn
            self.expiration = expiration
            self.path = path
            self.serverCertificateId = serverCertificateId
            self.serverCertificateName = serverCertificateName
            self.uploadDate = uploadDate
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case expiration = "Expiration"
            case path = "Path"
            case serverCertificateId = "ServerCertificateId"
            case serverCertificateName = "ServerCertificateName"
            case uploadDate = "UploadDate"
        }
    }

    public struct ServiceLastAccessed: AWSDecodableShape {
        /// The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the service. Amazon Web Services does not report unauthenticated requests. This field is null if no IAM entities attempted to access the service within the tracking period.
        public let lastAuthenticated: Date?
        /// The ARN of the authenticated entity (user or role) that last attempted to access the service. Amazon Web Services does not report unauthenticated requests. This field is null if no IAM entities attempted to access the service within the tracking period.
        public let lastAuthenticatedEntity: String?
        /// The Region from which the authenticated entity (user or role) last attempted to access the service. Amazon Web Services does not report unauthenticated requests. This field is null if no IAM entities attempted to access the service within the tracking period.
        public let lastAuthenticatedRegion: String?
        /// The name of the service in which access was attempted.
        public let serviceName: String
        /// The namespace of the service in which access was attempted. To learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
        public let serviceNamespace: String
        /// The total number of authenticated principals (root user, IAM users, or IAM roles) that have attempted to access the service. This field is null if no principals attempted to access the service within the tracking period.
        public let totalAuthenticatedEntities: Int?
        /// An object that contains details about the most recent attempt to access a tracked action within the service. This field is null if there no tracked actions or if the principal did not use the tracked actions within the tracking period. This field is also null if the report was generated at the service level and not the action level. For more information, see the Granularity field in GenerateServiceLastAccessedDetails.
        @OptionalCustomCoding<StandardArrayCoder<TrackedActionLastAccessed>>
        public var trackedActionsLastAccessed: [TrackedActionLastAccessed]?

        @inlinable
        public init(lastAuthenticated: Date? = nil, lastAuthenticatedEntity: String? = nil, lastAuthenticatedRegion: String? = nil, serviceName: String, serviceNamespace: String, totalAuthenticatedEntities: Int? = nil, trackedActionsLastAccessed: [TrackedActionLastAccessed]? = nil) {
            self.lastAuthenticated = lastAuthenticated
            self.lastAuthenticatedEntity = lastAuthenticatedEntity
            self.lastAuthenticatedRegion = lastAuthenticatedRegion
            self.serviceName = serviceName
            self.serviceNamespace = serviceNamespace
            self.totalAuthenticatedEntities = totalAuthenticatedEntities
            self.trackedActionsLastAccessed = trackedActionsLastAccessed
        }

        private enum CodingKeys: String, CodingKey {
            case lastAuthenticated = "LastAuthenticated"
            case lastAuthenticatedEntity = "LastAuthenticatedEntity"
            case lastAuthenticatedRegion = "LastAuthenticatedRegion"
            case serviceName = "ServiceName"
            case serviceNamespace = "ServiceNamespace"
            case totalAuthenticatedEntities = "TotalAuthenticatedEntities"
            case trackedActionsLastAccessed = "TrackedActionsLastAccessed"
        }
    }

    public struct ServiceSpecificCredential: AWSDecodableShape {
        /// The date and time, in ISO 8601 date-time format, when the service-specific credential were created.
        public let createDate: Date
        /// The date and time when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period.
        public let expirationDate: Date?
        /// For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.
        public let serviceCredentialAlias: String?
        /// For Bedrock API keys, this is the secret portion of the credential that should be used to authenticate API calls. This value is returned only when the credential is created.
        public let serviceCredentialSecret: String?
        /// The name of the service associated with the service-specific credential.
        public let serviceName: String
        /// The generated password for the service-specific credential.
        public let servicePassword: String?
        /// The unique identifier for the service-specific credential.
        public let serviceSpecificCredentialId: String
        /// The generated user name for the service-specific credential. This value is generated by combining the IAM user's name combined with the ID number of the Amazon Web Services account, as in jane-at-123456789012, for example. This value cannot be configured by the user.
        public let serviceUserName: String?
        /// The status of the service-specific credential. Active means that the key is valid for API calls, while Inactive means it is not.
        public let status: StatusType
        /// The name of the IAM user associated with the service-specific credential.
        public let userName: String

        @inlinable
        public init(createDate: Date, expirationDate: Date? = nil, serviceCredentialAlias: String? = nil, serviceCredentialSecret: String? = nil, serviceName: String, servicePassword: String? = nil, serviceSpecificCredentialId: String, serviceUserName: String? = nil, status: StatusType, userName: String) {
            self.createDate = createDate
            self.expirationDate = expirationDate
            self.serviceCredentialAlias = serviceCredentialAlias
            self.serviceCredentialSecret = serviceCredentialSecret
            self.serviceName = serviceName
            self.servicePassword = servicePassword
            self.serviceSpecificCredentialId = serviceSpecificCredentialId
            self.serviceUserName = serviceUserName
            self.status = status
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case createDate = "CreateDate"
            case expirationDate = "ExpirationDate"
            case serviceCredentialAlias = "ServiceCredentialAlias"
            case serviceCredentialSecret = "ServiceCredentialSecret"
            case serviceName = "ServiceName"
            case servicePassword = "ServicePassword"
            case serviceSpecificCredentialId = "ServiceSpecificCredentialId"
            case serviceUserName = "ServiceUserName"
            case status = "Status"
            case userName = "UserName"
        }
    }

    public struct ServiceSpecificCredentialMetadata: AWSDecodableShape {
        /// The date and time, in ISO 8601 date-time format, when the service-specific credential were created.
        public let createDate: Date
        /// The date and time when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period.
        public let expirationDate: Date?
        /// For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.
        public let serviceCredentialAlias: String?
        /// The name of the service associated with the service-specific credential.
        public let serviceName: String
        /// The unique identifier for the service-specific credential.
        public let serviceSpecificCredentialId: String
        /// The generated user name for the service-specific credential.
        public let serviceUserName: String?
        /// The status of the service-specific credential. Active means that the key is valid for API calls, while Inactive means it is not.
        public let status: StatusType
        /// The name of the IAM user associated with the service-specific credential.
        public let userName: String

        @inlinable
        public init(createDate: Date, expirationDate: Date? = nil, serviceCredentialAlias: String? = nil, serviceName: String, serviceSpecificCredentialId: String, serviceUserName: String? = nil, status: StatusType, userName: String) {
            self.createDate = createDate
            self.expirationDate = expirationDate
            self.serviceCredentialAlias = serviceCredentialAlias
            self.serviceName = serviceName
            self.serviceSpecificCredentialId = serviceSpecificCredentialId
            self.serviceUserName = serviceUserName
            self.status = status
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case createDate = "CreateDate"
            case expirationDate = "ExpirationDate"
            case serviceCredentialAlias = "ServiceCredentialAlias"
            case serviceName = "ServiceName"
            case serviceSpecificCredentialId = "ServiceSpecificCredentialId"
            case serviceUserName = "ServiceUserName"
            case status = "Status"
            case userName = "UserName"
        }
    }

    public struct SetDefaultPolicyVersionRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the IAM policy whose default version you want to set. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policyArn: String
        /// The version of the policy to set as the default (operative) version. For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.
        public let versionId: String

        @inlinable
        public init(policyArn: String, versionId: String) {
            self.policyArn = policyArn
            self.versionId = versionId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
            try self.validate(self.versionId, name: "versionId", parent: name, pattern: "^v[1-9][0-9]*(\\.[A-Za-z0-9-]*)?$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyArn = "PolicyArn"
            case versionId = "VersionId"
        }
    }

    public struct SetSecurityTokenServicePreferencesRequest: AWSEncodableShape {
        /// The version of the global endpoint token. Version 1 tokens are valid only in Amazon Web Services Regions that are available by default. These tokens do not work in manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens are longer and might affect systems where you temporarily store tokens. For information, see Activating and deactivating STS in an Amazon Web Services Region in the IAM User Guide.
        public let globalEndpointTokenVersion: GlobalEndpointTokenVersion

        @inlinable
        public init(globalEndpointTokenVersion: GlobalEndpointTokenVersion) {
            self.globalEndpointTokenVersion = globalEndpointTokenVersion
        }

        private enum CodingKeys: String, CodingKey {
            case globalEndpointTokenVersion = "GlobalEndpointTokenVersion"
        }
    }

    public struct SigningCertificate: AWSDecodableShape {
        /// The contents of the signing certificate.
        public let certificateBody: String
        /// The ID for the signing certificate.
        public let certificateId: String
        /// The status of the signing certificate. Active means that the key is valid for API calls, while Inactive means it is not.
        public let status: StatusType
        /// The date when the signing certificate was uploaded.
        public let uploadDate: Date?
        /// The name of the user the signing certificate is associated with.
        public let userName: String

        @inlinable
        public init(certificateBody: String, certificateId: String, status: StatusType, uploadDate: Date? = nil, userName: String) {
            self.certificateBody = certificateBody
            self.certificateId = certificateId
            self.status = status
            self.uploadDate = uploadDate
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case certificateBody = "CertificateBody"
            case certificateId = "CertificateId"
            case status = "Status"
            case uploadDate = "UploadDate"
            case userName = "UserName"
        }
    }

    public struct SimulateCustomPolicyRequest: AWSEncodableShape {
        /// A list of names of API operations to evaluate in the simulation. Each operation is evaluated against each resource. Each operation must include the service identifier, such as iam:CreateUser. This operation does not support using wildcards (*) in an action name.
        @CustomCoding<StandardArrayCoder<String>>
        public var actionNames: [String]
        /// The ARN of the IAM user that you want to use as the simulated caller of the API operations. CallerArn is required if you include a ResourcePolicy so that the policy's Principal element has a value to use in evaluating the policy. You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
        public let callerArn: String?
        /// A list of context keys and corresponding values for the simulation to use. Whenever a context key is evaluated in one of the simulated IAM permissions policies, the corresponding value is supplied.
        @OptionalCustomCoding<StandardArrayCoder<ContextEntry>>
        public var contextEntries: [ContextEntry]?
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that an IAM entity can have. You can input only one permissions boundary when you pass a policy to this operation. For more information about permissions boundaries, see Permissions boundaries for IAM entities in the IAM User Guide. The policy input is specified as a string that contains the complete, valid JSON text of a permissions boundary policy. The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var permissionsBoundaryPolicyInputList: [String]?
        /// A list of policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. Do not include any resource-based policies in this parameter. Any resource-based policy must be submitted with the ResourcePolicy parameter. The policies cannot be "scope-down" policies, such as you could include in a call to GetFederationToken or one of the AssumeRole API operations. In other words, do not use policies designed to restrict what a user can do while using the temporary credentials. The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        @CustomCoding<StandardArrayCoder<String>>
        public var policyInputList: [String]
        /// A list of ARNs of Amazon Web Services resources to include in the simulation. If this parameter is not provided, then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. You can simulate resources that don't exist in your account. The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter. If you include a ResourcePolicy, then it must be applicable to all of the resources included in the simulation or you receive an invalid input error. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.  Simulation of resource-based policies isn't supported for IAM roles.
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var resourceArns: [String]?
        /// Specifies the type of simulation to run. Different API operations that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation. Each of the Amazon EC2 scenarios requires that you specify instance, image, and security group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the Amazon EC2 scenario includes VPC, then you must supply the network interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the Amazon EC2 scenario options, see Supported platforms in the Amazon EC2 User Guide.    EC2-VPC-InstanceStore  instance, image, security group, network interface    EC2-VPC-InstanceStore-Subnet  instance, image, security group, network interface, subnet    EC2-VPC-EBS  instance, image, security group, network interface, volume    EC2-VPC-EBS-Subnet  instance, image, security group, network interface, subnet, volume
        public let resourceHandlingOption: String?
        /// An ARN representing the Amazon Web Services account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn. This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user CallerArn. The ARN for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root. For example, to represent the account with the 112233445566 ID, use the following ARN: arn:aws:iam::112233445566-ID:root.
        public let resourceOwner: String?
        /// A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation. The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)    Simulation of resource-based policies isn't supported for IAM roles.
        public let resourcePolicy: String?

        @inlinable
        public init(actionNames: [String], callerArn: String? = nil, contextEntries: [ContextEntry]? = nil, marker: String? = nil, maxItems: Int? = nil, permissionsBoundaryPolicyInputList: [String]? = nil, policyInputList: [String], resourceArns: [String]? = nil, resourceHandlingOption: String? = nil, resourceOwner: String? = nil, resourcePolicy: String? = nil) {
            self.actionNames = actionNames
            self.callerArn = callerArn
            self.contextEntries = contextEntries
            self.marker = marker
            self.maxItems = maxItems
            self.permissionsBoundaryPolicyInputList = permissionsBoundaryPolicyInputList
            self.policyInputList = policyInputList
            self.resourceArns = resourceArns
            self.resourceHandlingOption = resourceHandlingOption
            self.resourceOwner = resourceOwner
            self.resourcePolicy = resourcePolicy
        }

        public func validate(name: String) throws {
            try self.actionNames.forEach {
                try validate($0, name: "actionNames[]", parent: name, max: 128)
                try validate($0, name: "actionNames[]", parent: name, min: 3)
            }
            try self.validate(self.callerArn, name: "callerArn", parent: name, max: 2048)
            try self.validate(self.callerArn, name: "callerArn", parent: name, min: 1)
            try self.contextEntries?.forEach {
                try $0.validate(name: "\(name).contextEntries[]")
            }
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.permissionsBoundaryPolicyInputList?.forEach {
                try validate($0, name: "permissionsBoundaryPolicyInputList[]", parent: name, max: 131072)
                try validate($0, name: "permissionsBoundaryPolicyInputList[]", parent: name, min: 1)
                try validate($0, name: "permissionsBoundaryPolicyInputList[]", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            }
            try self.policyInputList.forEach {
                try validate($0, name: "policyInputList[]", parent: name, max: 131072)
                try validate($0, name: "policyInputList[]", parent: name, min: 1)
                try validate($0, name: "policyInputList[]", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            }
            try self.resourceArns?.forEach {
                try validate($0, name: "resourceArns[]", parent: name, max: 2048)
                try validate($0, name: "resourceArns[]", parent: name, min: 1)
            }
            try self.validate(self.resourceHandlingOption, name: "resourceHandlingOption", parent: name, max: 64)
            try self.validate(self.resourceHandlingOption, name: "resourceHandlingOption", parent: name, min: 1)
            try self.validate(self.resourceOwner, name: "resourceOwner", parent: name, max: 2048)
            try self.validate(self.resourceOwner, name: "resourceOwner", parent: name, min: 1)
            try self.validate(self.resourcePolicy, name: "resourcePolicy", parent: name, max: 131072)
            try self.validate(self.resourcePolicy, name: "resourcePolicy", parent: name, min: 1)
            try self.validate(self.resourcePolicy, name: "resourcePolicy", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case actionNames = "ActionNames"
            case callerArn = "CallerArn"
            case contextEntries = "ContextEntries"
            case marker = "Marker"
            case maxItems = "MaxItems"
            case permissionsBoundaryPolicyInputList = "PermissionsBoundaryPolicyInputList"
            case policyInputList = "PolicyInputList"
            case resourceArns = "ResourceArns"
            case resourceHandlingOption = "ResourceHandlingOption"
            case resourceOwner = "ResourceOwner"
            case resourcePolicy = "ResourcePolicy"
        }
    }

    public struct SimulatePolicyResponse: AWSDecodableShape {
        /// The results of the simulation.
        @OptionalCustomCoding<StandardArrayCoder<EvaluationResult>>
        public var evaluationResults: [EvaluationResult]?
        /// A flag that indicates whether there are more items to return. If your  results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the  MaxItems number of results even when there are more results available. We recommend  that you check IsTruncated after every call to ensure that you receive all your  results.
        public let isTruncated: Bool?
        /// When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent  pagination request.
        public let marker: String?

        @inlinable
        public init(evaluationResults: [EvaluationResult]? = nil, isTruncated: Bool? = nil, marker: String? = nil) {
            self.evaluationResults = evaluationResults
            self.isTruncated = isTruncated
            self.marker = marker
        }

        private enum CodingKeys: String, CodingKey {
            case evaluationResults = "EvaluationResults"
            case isTruncated = "IsTruncated"
            case marker = "Marker"
        }
    }

    public struct SimulatePrincipalPolicyRequest: AWSEncodableShape {
        /// A list of names of API operations to evaluate in the simulation. Each operation is evaluated for each resource. Each operation must include the service identifier, such as iam:CreateUser.
        @CustomCoding<StandardArrayCoder<String>>
        public var actionNames: [String]
        /// The ARN of the IAM user that you want to specify as the simulated caller of the API operations. If you do not specify a CallerArn, it defaults to the ARN of the user that you specify in PolicySourceArn, if you specified a user. If you include both a PolicySourceArn (for example, arn:aws:iam::123456789012:user/David) and a CallerArn (for example, arn:aws:iam::123456789012:user/Bob), the result is that you simulate calling the API operations as Bob, as if Bob had David's policies. You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.  CallerArn is required if you include a ResourcePolicy and the PolicySourceArn is not the ARN for an IAM user. This is required so that the resource-based policy's Principal element has a value to use in evaluating the policy. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let callerArn: String?
        /// A list of context keys and corresponding values for the simulation to use. Whenever a context key is evaluated in one of the simulated IAM permissions policies, the corresponding value is supplied.
        @OptionalCustomCoding<StandardArrayCoder<ContextEntry>>
        public var contextEntries: [ContextEntry]?
        /// Use this parameter only when paginating results and only after  you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call  should start.
        public let marker: String?
        /// Use this only when paginating results to indicate the  maximum number of items you want in the response. If additional items exist beyond the maximum  you specify, the IsTruncated response element is true. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker  contains a value to include in the subsequent call that tells the service where to continue  from.
        public let maxItems: Int?
        /// The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that the entity can have. You can input only one permissions boundary when you pass a policy to this operation. An IAM entity can only have one permissions boundary in effect at a time. For example, if a permissions boundary is attached to an entity and you pass in a different permissions boundary policy using this parameter, then the new permissions boundary policy is used for the simulation. For more information about permissions boundaries, see Permissions boundaries for IAM entities in the IAM User Guide. The policy input is specified as a string containing the complete, valid JSON text of a permissions boundary policy. The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var permissionsBoundaryPolicyInputList: [String]?
        /// An optional list of additional policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var policyInputList: [String]?
        /// The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the simulation. If you specify a user, group, or role, the simulation includes all policies that are associated with that entity. If you specify a user, the simulation also includes all policies that are attached to any groups the user belongs to. The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let policySourceArn: String
        /// A list of ARNs of Amazon Web Services resources to include in the simulation. If this parameter is not provided, then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. You can simulate resources that don't exist in your account. The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.  Simulation of resource-based policies isn't supported for IAM roles.
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var resourceArns: [String]?
        /// Specifies the type of simulation to run. Different API operations that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation. Each of the Amazon EC2 scenarios requires that you specify instance, image, and security group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the Amazon EC2 scenario includes VPC, then you must supply the network interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the Amazon EC2 scenario options, see Supported platforms in the Amazon EC2 User Guide.    EC2-VPC-InstanceStore  instance, image, security group, network interface    EC2-VPC-InstanceStore-Subnet  instance, image, security group, network interface, subnet    EC2-VPC-EBS  instance, image, security group, network interface, volume    EC2-VPC-EBS-Subnet  instance, image, security group, network interface, subnet, volume
        public let resourceHandlingOption: String?
        /// An Amazon Web Services account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn. This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user CallerArn.
        public let resourceOwner: String?
        /// A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation. The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)    Simulation of resource-based policies isn't supported for IAM roles.
        public let resourcePolicy: String?

        @inlinable
        public init(actionNames: [String], callerArn: String? = nil, contextEntries: [ContextEntry]? = nil, marker: String? = nil, maxItems: Int? = nil, permissionsBoundaryPolicyInputList: [String]? = nil, policyInputList: [String]? = nil, policySourceArn: String, resourceArns: [String]? = nil, resourceHandlingOption: String? = nil, resourceOwner: String? = nil, resourcePolicy: String? = nil) {
            self.actionNames = actionNames
            self.callerArn = callerArn
            self.contextEntries = contextEntries
            self.marker = marker
            self.maxItems = maxItems
            self.permissionsBoundaryPolicyInputList = permissionsBoundaryPolicyInputList
            self.policyInputList = policyInputList
            self.policySourceArn = policySourceArn
            self.resourceArns = resourceArns
            self.resourceHandlingOption = resourceHandlingOption
            self.resourceOwner = resourceOwner
            self.resourcePolicy = resourcePolicy
        }

        public func validate(name: String) throws {
            try self.actionNames.forEach {
                try validate($0, name: "actionNames[]", parent: name, max: 128)
                try validate($0, name: "actionNames[]", parent: name, min: 3)
            }
            try self.validate(self.callerArn, name: "callerArn", parent: name, max: 2048)
            try self.validate(self.callerArn, name: "callerArn", parent: name, min: 1)
            try self.contextEntries?.forEach {
                try $0.validate(name: "\(name).contextEntries[]")
            }
            try self.validate(self.marker, name: "marker", parent: name, max: 320)
            try self.validate(self.marker, name: "marker", parent: name, min: 1)
            try self.validate(self.marker, name: "marker", parent: name, pattern: "^[\\u0020-\\u00FF]+$")
            try self.validate(self.maxItems, name: "maxItems", parent: name, max: 1000)
            try self.validate(self.maxItems, name: "maxItems", parent: name, min: 1)
            try self.permissionsBoundaryPolicyInputList?.forEach {
                try validate($0, name: "permissionsBoundaryPolicyInputList[]", parent: name, max: 131072)
                try validate($0, name: "permissionsBoundaryPolicyInputList[]", parent: name, min: 1)
                try validate($0, name: "permissionsBoundaryPolicyInputList[]", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            }
            try self.policyInputList?.forEach {
                try validate($0, name: "policyInputList[]", parent: name, max: 131072)
                try validate($0, name: "policyInputList[]", parent: name, min: 1)
                try validate($0, name: "policyInputList[]", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            }
            try self.validate(self.policySourceArn, name: "policySourceArn", parent: name, max: 2048)
            try self.validate(self.policySourceArn, name: "policySourceArn", parent: name, min: 20)
            try self.resourceArns?.forEach {
                try validate($0, name: "resourceArns[]", parent: name, max: 2048)
                try validate($0, name: "resourceArns[]", parent: name, min: 1)
            }
            try self.validate(self.resourceHandlingOption, name: "resourceHandlingOption", parent: name, max: 64)
            try self.validate(self.resourceHandlingOption, name: "resourceHandlingOption", parent: name, min: 1)
            try self.validate(self.resourceOwner, name: "resourceOwner", parent: name, max: 2048)
            try self.validate(self.resourceOwner, name: "resourceOwner", parent: name, min: 1)
            try self.validate(self.resourcePolicy, name: "resourcePolicy", parent: name, max: 131072)
            try self.validate(self.resourcePolicy, name: "resourcePolicy", parent: name, min: 1)
            try self.validate(self.resourcePolicy, name: "resourcePolicy", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case actionNames = "ActionNames"
            case callerArn = "CallerArn"
            case contextEntries = "ContextEntries"
            case marker = "Marker"
            case maxItems = "MaxItems"
            case permissionsBoundaryPolicyInputList = "PermissionsBoundaryPolicyInputList"
            case policyInputList = "PolicyInputList"
            case policySourceArn = "PolicySourceArn"
            case resourceArns = "ResourceArns"
            case resourceHandlingOption = "ResourceHandlingOption"
            case resourceOwner = "ResourceOwner"
            case resourcePolicy = "ResourcePolicy"
        }
    }

    public struct Statement: AWSDecodableShape {
        /// The row and column of the end of a Statement in an IAM policy.
        public let endPosition: Position?
        /// The identifier of the policy that was provided as an input.
        public let sourcePolicyId: String?
        /// The type of the policy.
        public let sourcePolicyType: PolicySourceType?
        /// The row and column of the beginning of the Statement in an IAM policy.
        public let startPosition: Position?

        @inlinable
        public init(endPosition: Position? = nil, sourcePolicyId: String? = nil, sourcePolicyType: PolicySourceType? = nil, startPosition: Position? = nil) {
            self.endPosition = endPosition
            self.sourcePolicyId = sourcePolicyId
            self.sourcePolicyType = sourcePolicyType
            self.startPosition = startPosition
        }

        private enum CodingKeys: String, CodingKey {
            case endPosition = "EndPosition"
            case sourcePolicyId = "SourcePolicyId"
            case sourcePolicyType = "SourcePolicyType"
            case startPosition = "StartPosition"
        }
    }

    public struct Tag: AWSEncodableShape & AWSDecodableShape {
        /// The key name that can be used to look up or retrieve the associated value. For example, Department or Cost Center are common choices.
        public let key: String
        /// The value associated with this tag. For example, tags with a key name of Department could have values such as Human Resources, Accounting, and Support. Tags with a key name of Cost Center might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.
        public let value: String

        @inlinable
        public init(key: String, value: String) {
            self.key = key
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.key, name: "key", parent: name, max: 128)
            try self.validate(self.key, name: "key", parent: name, min: 1)
            try self.validate(self.key, name: "key", parent: name, pattern: "^[\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]+$")
            try self.validate(self.value, name: "value", parent: name, max: 256)
            try self.validate(self.value, name: "value", parent: name, pattern: "^[\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
            case value = "Value"
        }
    }

    public struct TagInstanceProfileRequest: AWSEncodableShape {
        /// The name of the IAM instance profile to which you want to add tags. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let instanceProfileName: String
        /// The list of tags that you want to attach to the IAM instance profile. Each tag consists of a key name and an associated value.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(instanceProfileName: String, tags: [Tag]) {
            self.instanceProfileName = instanceProfileName
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, max: 128)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, min: 1)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case instanceProfileName = "InstanceProfileName"
            case tags = "Tags"
        }
    }

    public struct TagMFADeviceRequest: AWSEncodableShape {
        /// The unique identifier for the IAM virtual MFA device to which you want to add tags. For virtual MFA devices, the serial number is the same as the ARN. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let serialNumber: String
        /// The list of tags that you want to attach to the IAM virtual MFA device. Each tag consists of a key name and an associated value.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(serialNumber: String, tags: [Tag]) {
            self.serialNumber = serialNumber
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, max: 256)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, min: 9)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, pattern: "^[\\w+=/:,.@-]+$")
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case serialNumber = "SerialNumber"
            case tags = "Tags"
        }
    }

    public struct TagOpenIDConnectProviderRequest: AWSEncodableShape {
        /// The ARN of the OIDC identity provider in IAM to which you want to add tags. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let openIDConnectProviderArn: String
        /// The list of tags that you want to attach to the OIDC identity provider in IAM. Each tag consists of a key name and an associated value.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(openIDConnectProviderArn: String, tags: [Tag]) {
            self.openIDConnectProviderArn = openIDConnectProviderArn
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, max: 2048)
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, min: 20)
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case openIDConnectProviderArn = "OpenIDConnectProviderArn"
            case tags = "Tags"
        }
    }

    public struct TagPolicyRequest: AWSEncodableShape {
        /// The ARN of the IAM customer managed policy to which you want to add tags. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let policyArn: String
        /// The list of tags that you want to attach to the IAM customer managed policy. Each tag consists of a key name and an associated value.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(policyArn: String, tags: [Tag]) {
            self.policyArn = policyArn
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case policyArn = "PolicyArn"
            case tags = "Tags"
        }
    }

    public struct TagRoleRequest: AWSEncodableShape {
        /// The name of the IAM role to which you want to add tags. This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String
        /// The list of tags that you want to attach to the IAM role. Each tag consists of a key name and an associated value.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(roleName: String, tags: [Tag]) {
            self.roleName = roleName
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case roleName = "RoleName"
            case tags = "Tags"
        }
    }

    public struct TagSAMLProviderRequest: AWSEncodableShape {
        /// The ARN of the SAML identity provider in IAM to which you want to add tags. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let samlProviderArn: String
        /// The list of tags that you want to attach to the SAML identity provider in IAM. Each tag consists of a key name and an associated value.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(samlProviderArn: String, tags: [Tag]) {
            self.samlProviderArn = samlProviderArn
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.samlProviderArn, name: "samlProviderArn", parent: name, max: 2048)
            try self.validate(self.samlProviderArn, name: "samlProviderArn", parent: name, min: 20)
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case samlProviderArn = "SAMLProviderArn"
            case tags = "Tags"
        }
    }

    public struct TagServerCertificateRequest: AWSEncodableShape {
        /// The name of the IAM server certificate to which you want to add tags. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let serverCertificateName: String
        /// The list of tags that you want to attach to the IAM server certificate. Each tag consists of a key name and an associated value.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]

        @inlinable
        public init(serverCertificateName: String, tags: [Tag]) {
            self.serverCertificateName = serverCertificateName
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, max: 128)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, min: 1)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case serverCertificateName = "ServerCertificateName"
            case tags = "Tags"
        }
    }

    public struct TagUserRequest: AWSEncodableShape {
        /// The list of tags that you want to attach to the IAM user. Each tag consists of a key name and an associated value.
        @CustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]
        /// The name of the IAM user to which you want to add tags. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(tags: [Tag], userName: String) {
            self.tags = tags
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case tags = "Tags"
            case userName = "UserName"
        }
    }

    public struct TrackedActionLastAccessed: AWSDecodableShape {
        /// The name of the tracked action to which access was attempted. Tracked actions are actions that report activity to IAM.
        public let actionName: String?
        public let lastAccessedEntity: String?
        /// The Region from which the authenticated entity (user or role) last attempted to access the tracked action. Amazon Web Services does not report unauthenticated requests. This field is null if no IAM entities attempted to access the service within the tracking period.
        public let lastAccessedRegion: String?
        /// The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the tracked service. Amazon Web Services does not report unauthenticated requests. This field is null if no IAM entities attempted to access the service within the tracking period.
        public let lastAccessedTime: Date?

        @inlinable
        public init(actionName: String? = nil, lastAccessedEntity: String? = nil, lastAccessedRegion: String? = nil, lastAccessedTime: Date? = nil) {
            self.actionName = actionName
            self.lastAccessedEntity = lastAccessedEntity
            self.lastAccessedRegion = lastAccessedRegion
            self.lastAccessedTime = lastAccessedTime
        }

        private enum CodingKeys: String, CodingKey {
            case actionName = "ActionName"
            case lastAccessedEntity = "LastAccessedEntity"
            case lastAccessedRegion = "LastAccessedRegion"
            case lastAccessedTime = "LastAccessedTime"
        }
    }

    public struct UntagInstanceProfileRequest: AWSEncodableShape {
        /// The name of the IAM instance profile from which you want to remove tags. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let instanceProfileName: String
        /// A list of key names as a simple array of strings. The tags with matching keys are removed from the specified instance profile.
        @CustomCoding<StandardArrayCoder<String>>
        public var tagKeys: [String]

        @inlinable
        public init(instanceProfileName: String, tagKeys: [String]) {
            self.instanceProfileName = instanceProfileName
            self.tagKeys = tagKeys
        }

        public func validate(name: String) throws {
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, max: 128)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, min: 1)
            try self.validate(self.instanceProfileName, name: "instanceProfileName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
                try validate($0, name: "tagKeys[]", parent: name, pattern: "^[\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]+$")
            }
            try self.validate(self.tagKeys, name: "tagKeys", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case instanceProfileName = "InstanceProfileName"
            case tagKeys = "TagKeys"
        }
    }

    public struct UntagMFADeviceRequest: AWSEncodableShape {
        /// The unique identifier for the IAM virtual MFA device from which you want to remove tags. For virtual MFA devices, the serial number is the same as the ARN. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let serialNumber: String
        /// A list of key names as a simple array of strings. The tags with matching keys are removed from the specified instance profile.
        @CustomCoding<StandardArrayCoder<String>>
        public var tagKeys: [String]

        @inlinable
        public init(serialNumber: String, tagKeys: [String]) {
            self.serialNumber = serialNumber
            self.tagKeys = tagKeys
        }

        public func validate(name: String) throws {
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, max: 256)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, min: 9)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, pattern: "^[\\w+=/:,.@-]+$")
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
                try validate($0, name: "tagKeys[]", parent: name, pattern: "^[\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]+$")
            }
            try self.validate(self.tagKeys, name: "tagKeys", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case serialNumber = "SerialNumber"
            case tagKeys = "TagKeys"
        }
    }

    public struct UntagOpenIDConnectProviderRequest: AWSEncodableShape {
        /// The ARN of the OIDC provider in IAM from which you want to remove tags. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let openIDConnectProviderArn: String
        /// A list of key names as a simple array of strings. The tags with matching keys are removed from the specified OIDC provider.
        @CustomCoding<StandardArrayCoder<String>>
        public var tagKeys: [String]

        @inlinable
        public init(openIDConnectProviderArn: String, tagKeys: [String]) {
            self.openIDConnectProviderArn = openIDConnectProviderArn
            self.tagKeys = tagKeys
        }

        public func validate(name: String) throws {
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, max: 2048)
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, min: 20)
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
                try validate($0, name: "tagKeys[]", parent: name, pattern: "^[\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]+$")
            }
            try self.validate(self.tagKeys, name: "tagKeys", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case openIDConnectProviderArn = "OpenIDConnectProviderArn"
            case tagKeys = "TagKeys"
        }
    }

    public struct UntagPolicyRequest: AWSEncodableShape {
        /// The ARN of the IAM customer managed policy from which you want to remove tags. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let policyArn: String
        /// A list of key names as a simple array of strings. The tags with matching keys are removed from the specified policy.
        @CustomCoding<StandardArrayCoder<String>>
        public var tagKeys: [String]

        @inlinable
        public init(policyArn: String, tagKeys: [String]) {
            self.policyArn = policyArn
            self.tagKeys = tagKeys
        }

        public func validate(name: String) throws {
            try self.validate(self.policyArn, name: "policyArn", parent: name, max: 2048)
            try self.validate(self.policyArn, name: "policyArn", parent: name, min: 20)
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
                try validate($0, name: "tagKeys[]", parent: name, pattern: "^[\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]+$")
            }
            try self.validate(self.tagKeys, name: "tagKeys", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case policyArn = "PolicyArn"
            case tagKeys = "TagKeys"
        }
    }

    public struct UntagRoleRequest: AWSEncodableShape {
        /// The name of the IAM role from which you want to remove tags. This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String
        /// A list of key names as a simple array of strings. The tags with matching keys are removed from the specified role.
        @CustomCoding<StandardArrayCoder<String>>
        public var tagKeys: [String]

        @inlinable
        public init(roleName: String, tagKeys: [String]) {
            self.roleName = roleName
            self.tagKeys = tagKeys
        }

        public func validate(name: String) throws {
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
                try validate($0, name: "tagKeys[]", parent: name, pattern: "^[\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]+$")
            }
            try self.validate(self.tagKeys, name: "tagKeys", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case roleName = "RoleName"
            case tagKeys = "TagKeys"
        }
    }

    public struct UntagSAMLProviderRequest: AWSEncodableShape {
        /// The ARN of the SAML identity provider in IAM from which you want to remove tags. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let samlProviderArn: String
        /// A list of key names as a simple array of strings. The tags with matching keys are removed from the specified SAML identity provider.
        @CustomCoding<StandardArrayCoder<String>>
        public var tagKeys: [String]

        @inlinable
        public init(samlProviderArn: String, tagKeys: [String]) {
            self.samlProviderArn = samlProviderArn
            self.tagKeys = tagKeys
        }

        public func validate(name: String) throws {
            try self.validate(self.samlProviderArn, name: "samlProviderArn", parent: name, max: 2048)
            try self.validate(self.samlProviderArn, name: "samlProviderArn", parent: name, min: 20)
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
                try validate($0, name: "tagKeys[]", parent: name, pattern: "^[\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]+$")
            }
            try self.validate(self.tagKeys, name: "tagKeys", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case samlProviderArn = "SAMLProviderArn"
            case tagKeys = "TagKeys"
        }
    }

    public struct UntagServerCertificateRequest: AWSEncodableShape {
        /// The name of the IAM server certificate from which you want to remove tags. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let serverCertificateName: String
        /// A list of key names as a simple array of strings. The tags with matching keys are removed from the specified IAM server certificate.
        @CustomCoding<StandardArrayCoder<String>>
        public var tagKeys: [String]

        @inlinable
        public init(serverCertificateName: String, tagKeys: [String]) {
            self.serverCertificateName = serverCertificateName
            self.tagKeys = tagKeys
        }

        public func validate(name: String) throws {
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, max: 128)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, min: 1)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
                try validate($0, name: "tagKeys[]", parent: name, pattern: "^[\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]+$")
            }
            try self.validate(self.tagKeys, name: "tagKeys", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case serverCertificateName = "ServerCertificateName"
            case tagKeys = "TagKeys"
        }
    }

    public struct UntagUserRequest: AWSEncodableShape {
        /// A list of key names as a simple array of strings. The tags with matching keys are removed from the specified user.
        @CustomCoding<StandardArrayCoder<String>>
        public var tagKeys: [String]
        /// The name of the IAM user from which you want to remove tags. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(tagKeys: [String], userName: String) {
            self.tagKeys = tagKeys
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
                try validate($0, name: "tagKeys[]", parent: name, pattern: "^[\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]+$")
            }
            try self.validate(self.tagKeys, name: "tagKeys", parent: name, max: 50)
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case tagKeys = "TagKeys"
            case userName = "UserName"
        }
    }

    public struct UpdateAccessKeyRequest: AWSEncodableShape {
        /// The access key ID of the secret access key you want to update. This parameter allows (through its regex pattern) a string of characters that can  consist of any upper or lowercased letter or digit.
        public let accessKeyId: String
        ///  The status you want to assign to the secret access key. Active means that the key can be used for programmatic calls to Amazon Web Services, while Inactive means that the key cannot be used.
        public let status: StatusType
        /// The name of the user whose key you want to update. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(accessKeyId: String, status: StatusType, userName: String? = nil) {
            self.accessKeyId = accessKeyId
            self.status = status
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.accessKeyId, name: "accessKeyId", parent: name, max: 128)
            try self.validate(self.accessKeyId, name: "accessKeyId", parent: name, min: 16)
            try self.validate(self.accessKeyId, name: "accessKeyId", parent: name, pattern: "^[\\w]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case accessKeyId = "AccessKeyId"
            case status = "Status"
            case userName = "UserName"
        }
    }

    public struct UpdateAccountPasswordPolicyRequest: AWSEncodableShape {
        ///  Allows all IAM users in your account to use the Amazon Web Services Management Console to change their own passwords. For more information, see Permitting IAM users to change their own passwords in the IAM User Guide. If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users in the account do not automatically have permissions to change their own password.
        public let allowUsersToChangePassword: Bool?
        ///  Prevents IAM users who are accessing the account via the Amazon Web Services Management Console from setting a new console password after their password has expired. The IAM user cannot access the console until an administrator resets the password. If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users can change their passwords after they expire and continue to sign in as the user.  In the Amazon Web Services Management Console, the custom password policy option Allow users to change their own password gives IAM users permissions to iam:ChangePassword for only their user and to the iam:GetAccountPasswordPolicy action. This option does not attach a permissions policy to each user, rather the permissions are applied at the account-level for all users by IAM. IAM users with iam:ChangePassword permission and active access keys can reset their own expired console password using the CLI or API.
        public let hardExpiry: Bool?
        /// The number of days that an IAM user password is valid. If you do not specify a value for this parameter, then the operation uses the default value of 0. The result is that IAM user passwords never expire.
        public let maxPasswordAge: Int?
        /// The minimum number of characters allowed in an IAM user password. If you do not specify a value for this parameter, then the operation uses the default value of 6.
        public let minimumPasswordLength: Int?
        /// Specifies the number of previous passwords that IAM users are prevented from reusing. If you do not specify a value for this parameter, then the operation uses the default value of 0. The result is that IAM users are not prevented from reusing previous passwords.
        public let passwordReusePrevention: Int?
        /// Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z). If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one lowercase character.
        public let requireLowercaseCharacters: Bool?
        /// Specifies whether IAM user passwords must contain at least one numeric character (0 to 9). If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one numeric character.
        public let requireNumbers: Bool?
        /// Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters: ! @ # $ % ^ & * ( ) _ + - = [ ] { } | ' If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one symbol character.
        public let requireSymbols: Bool?
        /// Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z). If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one uppercase character.
        public let requireUppercaseCharacters: Bool?

        @inlinable
        public init(allowUsersToChangePassword: Bool? = nil, hardExpiry: Bool? = nil, maxPasswordAge: Int? = nil, minimumPasswordLength: Int? = nil, passwordReusePrevention: Int? = nil, requireLowercaseCharacters: Bool? = nil, requireNumbers: Bool? = nil, requireSymbols: Bool? = nil, requireUppercaseCharacters: Bool? = nil) {
            self.allowUsersToChangePassword = allowUsersToChangePassword
            self.hardExpiry = hardExpiry
            self.maxPasswordAge = maxPasswordAge
            self.minimumPasswordLength = minimumPasswordLength
            self.passwordReusePrevention = passwordReusePrevention
            self.requireLowercaseCharacters = requireLowercaseCharacters
            self.requireNumbers = requireNumbers
            self.requireSymbols = requireSymbols
            self.requireUppercaseCharacters = requireUppercaseCharacters
        }

        public func validate(name: String) throws {
            try self.validate(self.maxPasswordAge, name: "maxPasswordAge", parent: name, max: 1095)
            try self.validate(self.maxPasswordAge, name: "maxPasswordAge", parent: name, min: 1)
            try self.validate(self.minimumPasswordLength, name: "minimumPasswordLength", parent: name, max: 128)
            try self.validate(self.minimumPasswordLength, name: "minimumPasswordLength", parent: name, min: 6)
            try self.validate(self.passwordReusePrevention, name: "passwordReusePrevention", parent: name, max: 24)
            try self.validate(self.passwordReusePrevention, name: "passwordReusePrevention", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case allowUsersToChangePassword = "AllowUsersToChangePassword"
            case hardExpiry = "HardExpiry"
            case maxPasswordAge = "MaxPasswordAge"
            case minimumPasswordLength = "MinimumPasswordLength"
            case passwordReusePrevention = "PasswordReusePrevention"
            case requireLowercaseCharacters = "RequireLowercaseCharacters"
            case requireNumbers = "RequireNumbers"
            case requireSymbols = "RequireSymbols"
            case requireUppercaseCharacters = "RequireUppercaseCharacters"
        }
    }

    public struct UpdateAssumeRolePolicyRequest: AWSEncodableShape {
        /// The policy that grants an entity permission to assume the role. You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        public let policyDocument: String
        /// The name of the role to update with the new policy. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let roleName: String

        @inlinable
        public init(policyDocument: String, roleName: String) {
            self.policyDocument = policyDocument
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, max: 131072)
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, min: 1)
            try self.validate(self.policyDocument, name: "policyDocument", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyDocument = "PolicyDocument"
            case roleName = "RoleName"
        }
    }

    public struct UpdateGroupRequest: AWSEncodableShape {
        /// Name of the IAM group to update. If you're changing the name of the group, this is the original name. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let groupName: String
        /// New name for the IAM group. Only include this if changing the group's name. IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".
        public let newGroupName: String?
        /// New path for the IAM group. Only include this if changing the group's path. This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let newPath: String?

        @inlinable
        public init(groupName: String, newGroupName: String? = nil, newPath: String? = nil) {
            self.groupName = groupName
            self.newGroupName = newGroupName
            self.newPath = newPath
        }

        public func validate(name: String) throws {
            try self.validate(self.groupName, name: "groupName", parent: name, max: 128)
            try self.validate(self.groupName, name: "groupName", parent: name, min: 1)
            try self.validate(self.groupName, name: "groupName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.newGroupName, name: "newGroupName", parent: name, max: 128)
            try self.validate(self.newGroupName, name: "newGroupName", parent: name, min: 1)
            try self.validate(self.newGroupName, name: "newGroupName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.newPath, name: "newPath", parent: name, max: 512)
            try self.validate(self.newPath, name: "newPath", parent: name, min: 1)
            try self.validate(self.newPath, name: "newPath", parent: name, pattern: "^(\\u002F)|(\\u002F[\\u0021-\\u007E]+\\u002F)$")
        }

        private enum CodingKeys: String, CodingKey {
            case groupName = "GroupName"
            case newGroupName = "NewGroupName"
            case newPath = "NewPath"
        }
    }

    public struct UpdateLoginProfileRequest: AWSEncodableShape {
        /// The new password for the specified IAM user. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)   However, the format can be further restricted by the account administrator by setting a password policy on the Amazon Web Services account. For more information, see UpdateAccountPasswordPolicy.
        public let password: String?
        /// Allows this new password to be used only once by requiring the specified IAM user to set a new password on next sign-in.
        public let passwordResetRequired: Bool?
        /// The name of the user whose password you want to update. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(password: String? = nil, passwordResetRequired: Bool? = nil, userName: String) {
            self.password = password
            self.passwordResetRequired = passwordResetRequired
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.password, name: "password", parent: name, max: 128)
            try self.validate(self.password, name: "password", parent: name, min: 1)
            try self.validate(self.password, name: "password", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case password = "Password"
            case passwordResetRequired = "PasswordResetRequired"
            case userName = "UserName"
        }
    }

    public struct UpdateOpenIDConnectProviderThumbprintRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let openIDConnectProviderArn: String
        /// A list of certificate thumbprints that are associated with the specified IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.
        @CustomCoding<StandardArrayCoder<String>>
        public var thumbprintList: [String]

        @inlinable
        public init(openIDConnectProviderArn: String, thumbprintList: [String]) {
            self.openIDConnectProviderArn = openIDConnectProviderArn
            self.thumbprintList = thumbprintList
        }

        public func validate(name: String) throws {
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, max: 2048)
            try self.validate(self.openIDConnectProviderArn, name: "openIDConnectProviderArn", parent: name, min: 20)
            try self.thumbprintList.forEach {
                try validate($0, name: "thumbprintList[]", parent: name, max: 40)
                try validate($0, name: "thumbprintList[]", parent: name, min: 40)
            }
        }

        private enum CodingKeys: String, CodingKey {
            case openIDConnectProviderArn = "OpenIDConnectProviderArn"
            case thumbprintList = "ThumbprintList"
        }
    }

    public struct UpdateRoleDescriptionRequest: AWSEncodableShape {
        /// The new description that you want to apply to the specified role.
        public let description: String
        /// The name of the role that you want to modify.
        public let roleName: String

        @inlinable
        public init(description: String, roleName: String) {
            self.description = description
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.description, name: "description", parent: name, max: 1000)
            try self.validate(self.description, name: "description", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]*$")
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case description = "Description"
            case roleName = "RoleName"
        }
    }

    public struct UpdateRoleDescriptionResponse: AWSDecodableShape {
        /// A structure that contains details about the modified role.
        public let role: Role?

        @inlinable
        public init(role: Role? = nil) {
            self.role = role
        }

        private enum CodingKeys: String, CodingKey {
            case role = "Role"
        }
    }

    public struct UpdateRoleRequest: AWSEncodableShape {
        /// The new description that you want to apply to the specified role.
        public let description: String?
        /// The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours. Anyone who assumes the role from the CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see Using IAM roles in the IAM User Guide.  IAM role credentials provided by Amazon EC2 instances assigned to the role are not subject to the specified maximum session duration.
        public let maxSessionDuration: Int?
        /// The name of the role that you want to modify.
        public let roleName: String

        @inlinable
        public init(description: String? = nil, maxSessionDuration: Int? = nil, roleName: String) {
            self.description = description
            self.maxSessionDuration = maxSessionDuration
            self.roleName = roleName
        }

        public func validate(name: String) throws {
            try self.validate(self.description, name: "description", parent: name, max: 1000)
            try self.validate(self.description, name: "description", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]*$")
            try self.validate(self.maxSessionDuration, name: "maxSessionDuration", parent: name, max: 43200)
            try self.validate(self.maxSessionDuration, name: "maxSessionDuration", parent: name, min: 3600)
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, min: 1)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case description = "Description"
            case maxSessionDuration = "MaxSessionDuration"
            case roleName = "RoleName"
        }
    }

    public struct UpdateRoleResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateSAMLProviderRequest: AWSEncodableShape {
        /// Specifies the new private key from your external identity provider. The private key must be a .pem file that uses AES-GCM or AES-CBC encryption algorithm to decrypt SAML assertions.
        public let addPrivateKey: String?
        /// Specifies the encryption setting for the SAML provider.
        public let assertionEncryptionMode: AssertionEncryptionModeType?
        /// The Key ID of the private key to remove.
        public let removePrivateKey: String?
        /// An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your IdP.
        public let samlMetadataDocument: String?
        /// The Amazon Resource Name (ARN) of the SAML provider to update. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
        public let samlProviderArn: String

        @inlinable
        public init(addPrivateKey: String? = nil, assertionEncryptionMode: AssertionEncryptionModeType? = nil, removePrivateKey: String? = nil, samlMetadataDocument: String? = nil, samlProviderArn: String) {
            self.addPrivateKey = addPrivateKey
            self.assertionEncryptionMode = assertionEncryptionMode
            self.removePrivateKey = removePrivateKey
            self.samlMetadataDocument = samlMetadataDocument
            self.samlProviderArn = samlProviderArn
        }

        public func validate(name: String) throws {
            try self.validate(self.addPrivateKey, name: "addPrivateKey", parent: name, max: 16384)
            try self.validate(self.addPrivateKey, name: "addPrivateKey", parent: name, min: 1)
            try self.validate(self.addPrivateKey, name: "addPrivateKey", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.removePrivateKey, name: "removePrivateKey", parent: name, max: 64)
            try self.validate(self.removePrivateKey, name: "removePrivateKey", parent: name, min: 22)
            try self.validate(self.removePrivateKey, name: "removePrivateKey", parent: name, pattern: "^[A-Z0-9]+$")
            try self.validate(self.samlMetadataDocument, name: "samlMetadataDocument", parent: name, max: 10000000)
            try self.validate(self.samlMetadataDocument, name: "samlMetadataDocument", parent: name, min: 1000)
            try self.validate(self.samlProviderArn, name: "samlProviderArn", parent: name, max: 2048)
            try self.validate(self.samlProviderArn, name: "samlProviderArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case addPrivateKey = "AddPrivateKey"
            case assertionEncryptionMode = "AssertionEncryptionMode"
            case removePrivateKey = "RemovePrivateKey"
            case samlMetadataDocument = "SAMLMetadataDocument"
            case samlProviderArn = "SAMLProviderArn"
        }
    }

    public struct UpdateSAMLProviderResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the SAML provider that was updated.
        public let samlProviderArn: String?

        @inlinable
        public init(samlProviderArn: String? = nil) {
            self.samlProviderArn = samlProviderArn
        }

        private enum CodingKeys: String, CodingKey {
            case samlProviderArn = "SAMLProviderArn"
        }
    }

    public struct UpdateSSHPublicKeyRequest: AWSEncodableShape {
        /// The unique identifier for the SSH public key. This parameter allows (through its regex pattern) a string of characters that can  consist of any upper or lowercased letter or digit.
        public let sshPublicKeyId: String
        /// The status to assign to the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used.
        public let status: StatusType
        /// The name of the IAM user associated with the SSH public key. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(sshPublicKeyId: String, status: StatusType, userName: String) {
            self.sshPublicKeyId = sshPublicKeyId
            self.status = status
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.sshPublicKeyId, name: "sshPublicKeyId", parent: name, max: 128)
            try self.validate(self.sshPublicKeyId, name: "sshPublicKeyId", parent: name, min: 20)
            try self.validate(self.sshPublicKeyId, name: "sshPublicKeyId", parent: name, pattern: "^[\\w]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case sshPublicKeyId = "SSHPublicKeyId"
            case status = "Status"
            case userName = "UserName"
        }
    }

    public struct UpdateServerCertificateRequest: AWSEncodableShape {
        /// The new path for the server certificate. Include this only if you are updating the server certificate's path. This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let newPath: String?
        /// The new name for the server certificate. Include this only if you are updating the server certificate's name. The name of the certificate cannot contain any spaces. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let newServerCertificateName: String?
        /// The name of the server certificate that you want to update. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let serverCertificateName: String

        @inlinable
        public init(newPath: String? = nil, newServerCertificateName: String? = nil, serverCertificateName: String) {
            self.newPath = newPath
            self.newServerCertificateName = newServerCertificateName
            self.serverCertificateName = serverCertificateName
        }

        public func validate(name: String) throws {
            try self.validate(self.newPath, name: "newPath", parent: name, max: 512)
            try self.validate(self.newPath, name: "newPath", parent: name, min: 1)
            try self.validate(self.newPath, name: "newPath", parent: name, pattern: "^(\\u002F)|(\\u002F[\\u0021-\\u007E]+\\u002F)$")
            try self.validate(self.newServerCertificateName, name: "newServerCertificateName", parent: name, max: 128)
            try self.validate(self.newServerCertificateName, name: "newServerCertificateName", parent: name, min: 1)
            try self.validate(self.newServerCertificateName, name: "newServerCertificateName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, max: 128)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, min: 1)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case newPath = "NewPath"
            case newServerCertificateName = "NewServerCertificateName"
            case serverCertificateName = "ServerCertificateName"
        }
    }

    public struct UpdateServiceSpecificCredentialRequest: AWSEncodableShape {
        /// The unique identifier of the service-specific credential. This parameter allows (through its regex pattern) a string of characters that can  consist of any upper or lowercased letter or digit.
        public let serviceSpecificCredentialId: String
        /// The status to be assigned to the service-specific credential.
        public let status: StatusType
        /// The name of the IAM user associated with the service-specific credential. If you do not specify this value, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(serviceSpecificCredentialId: String, status: StatusType, userName: String? = nil) {
            self.serviceSpecificCredentialId = serviceSpecificCredentialId
            self.status = status
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.serviceSpecificCredentialId, name: "serviceSpecificCredentialId", parent: name, max: 128)
            try self.validate(self.serviceSpecificCredentialId, name: "serviceSpecificCredentialId", parent: name, min: 20)
            try self.validate(self.serviceSpecificCredentialId, name: "serviceSpecificCredentialId", parent: name, pattern: "^[\\w]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case serviceSpecificCredentialId = "ServiceSpecificCredentialId"
            case status = "Status"
            case userName = "UserName"
        }
    }

    public struct UpdateSigningCertificateRequest: AWSEncodableShape {
        /// The ID of the signing certificate you want to update. This parameter allows (through its regex pattern) a string of characters that can  consist of any upper or lowercased letter or digit.
        public let certificateId: String
        ///  The status you want to assign to the certificate. Active means that the certificate can be used for programmatic calls to Amazon Web Services Inactive means that the certificate cannot be used.
        public let status: StatusType
        /// The name of the IAM user the signing certificate belongs to. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(certificateId: String, status: StatusType, userName: String? = nil) {
            self.certificateId = certificateId
            self.status = status
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateId, name: "certificateId", parent: name, max: 128)
            try self.validate(self.certificateId, name: "certificateId", parent: name, min: 24)
            try self.validate(self.certificateId, name: "certificateId", parent: name, pattern: "^[\\w]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateId = "CertificateId"
            case status = "Status"
            case userName = "UserName"
        }
    }

    public struct UpdateUserRequest: AWSEncodableShape {
        /// New path for the IAM user. Include this parameter only if you're changing the user's path. This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.
        public let newPath: String?
        /// New name for the user. Include this parameter only if you're changing the user's name. IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".
        public let newUserName: String?
        /// Name of the user to update. If you're changing the name of the user, this is the original user name. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(newPath: String? = nil, newUserName: String? = nil, userName: String) {
            self.newPath = newPath
            self.newUserName = newUserName
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.newPath, name: "newPath", parent: name, max: 512)
            try self.validate(self.newPath, name: "newPath", parent: name, min: 1)
            try self.validate(self.newPath, name: "newPath", parent: name, pattern: "^(\\u002F)|(\\u002F[\\u0021-\\u007E]+\\u002F)$")
            try self.validate(self.newUserName, name: "newUserName", parent: name, max: 64)
            try self.validate(self.newUserName, name: "newUserName", parent: name, min: 1)
            try self.validate(self.newUserName, name: "newUserName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case newPath = "NewPath"
            case newUserName = "NewUserName"
            case userName = "UserName"
        }
    }

    public struct UploadSSHPublicKeyRequest: AWSEncodableShape {
        /// The SSH public key. The public key must be encoded in ssh-rsa format or PEM format. The minimum bit-length of the public key is 2048 bits. For example, you can generate a 2048-bit key, and the resulting PEM file is 1679 bytes long. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        public let sshPublicKeyBody: String
        /// The name of the IAM user to associate the SSH public key with. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String

        @inlinable
        public init(sshPublicKeyBody: String, userName: String) {
            self.sshPublicKeyBody = sshPublicKeyBody
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.sshPublicKeyBody, name: "sshPublicKeyBody", parent: name, max: 16384)
            try self.validate(self.sshPublicKeyBody, name: "sshPublicKeyBody", parent: name, min: 1)
            try self.validate(self.sshPublicKeyBody, name: "sshPublicKeyBody", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 64)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case sshPublicKeyBody = "SSHPublicKeyBody"
            case userName = "UserName"
        }
    }

    public struct UploadSSHPublicKeyResponse: AWSDecodableShape {
        /// Contains information about the SSH public key.
        public let sshPublicKey: SSHPublicKey?

        @inlinable
        public init(sshPublicKey: SSHPublicKey? = nil) {
            self.sshPublicKey = sshPublicKey
        }

        private enum CodingKeys: String, CodingKey {
            case sshPublicKey = "SSHPublicKey"
        }
    }

    public struct UploadServerCertificateRequest: AWSEncodableShape {
        /// The contents of the public key certificate in PEM-encoded format. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        public let certificateBody: String
        /// The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        public let certificateChain: String?
        /// The path for the server certificate. For more information about paths, see IAM identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its regex pattern) a string of characters consisting  of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including  most punctuation characters, digits, and upper and lowercased letters.  If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the path parameter. The path must begin with /cloudfront and must include a trailing slash (for example, /cloudfront/test/).
        public let path: String?
        /// The contents of the private key in PEM-encoded format. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        public let privateKey: String
        /// The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let serverCertificateName: String
        /// A list of tags that you want to attach to the new IAM server certificate resource. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.  If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request  fails and the resource is not created.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?

        @inlinable
        public init(certificateBody: String, certificateChain: String? = nil, path: String? = nil, privateKey: String, serverCertificateName: String, tags: [Tag]? = nil) {
            self.certificateBody = certificateBody
            self.certificateChain = certificateChain
            self.path = path
            self.privateKey = privateKey
            self.serverCertificateName = serverCertificateName
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateBody, name: "certificateBody", parent: name, max: 16384)
            try self.validate(self.certificateBody, name: "certificateBody", parent: name, min: 1)
            try self.validate(self.certificateBody, name: "certificateBody", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.certificateChain, name: "certificateChain", parent: name, max: 2097152)
            try self.validate(self.certificateChain, name: "certificateChain", parent: name, min: 1)
            try self.validate(self.certificateChain, name: "certificateChain", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.path, name: "path", parent: name, max: 512)
            try self.validate(self.path, name: "path", parent: name, min: 1)
            try self.validate(self.path, name: "path", parent: name, pattern: "^(\\u002F)|(\\u002F[\\u0021-\\u007E]+\\u002F)$")
            try self.validate(self.privateKey, name: "privateKey", parent: name, max: 16384)
            try self.validate(self.privateKey, name: "privateKey", parent: name, min: 1)
            try self.validate(self.privateKey, name: "privateKey", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, max: 128)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, min: 1)
            try self.validate(self.serverCertificateName, name: "serverCertificateName", parent: name, pattern: "^[\\w+=,.@-]+$")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateBody = "CertificateBody"
            case certificateChain = "CertificateChain"
            case path = "Path"
            case privateKey = "PrivateKey"
            case serverCertificateName = "ServerCertificateName"
            case tags = "Tags"
        }
    }

    public struct UploadServerCertificateResponse: AWSDecodableShape {
        /// The meta information of the uploaded server certificate without its certificate body, certificate chain, and private key.
        public let serverCertificateMetadata: ServerCertificateMetadata?
        /// A list of tags that are attached to the new IAM server certificate. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?

        @inlinable
        public init(serverCertificateMetadata: ServerCertificateMetadata? = nil, tags: [Tag]? = nil) {
            self.serverCertificateMetadata = serverCertificateMetadata
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case serverCertificateMetadata = "ServerCertificateMetadata"
            case tags = "Tags"
        }
    }

    public struct UploadSigningCertificateRequest: AWSEncodableShape {
        /// The contents of the signing certificate. The regex pattern  used to validate this parameter is a string of characters consisting of the following:   Any printable ASCII  character ranging from the space character (\u0020) through the end of the ASCII character range   The printable characters in the Basic Latin and  Latin-1 Supplement character set  (through \u00FF)   The special characters tab (\u0009), line feed (\u000A), and  carriage return (\u000D)
        public let certificateBody: String
        /// The name of the user the signing certificate is for. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric  characters with no spaces. You can also include any of the following characters: _+=,.@-
        public let userName: String?

        @inlinable
        public init(certificateBody: String, userName: String? = nil) {
            self.certificateBody = certificateBody
            self.userName = userName
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateBody, name: "certificateBody", parent: name, max: 16384)
            try self.validate(self.certificateBody, name: "certificateBody", parent: name, min: 1)
            try self.validate(self.certificateBody, name: "certificateBody", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.userName, name: "userName", parent: name, max: 128)
            try self.validate(self.userName, name: "userName", parent: name, min: 1)
            try self.validate(self.userName, name: "userName", parent: name, pattern: "^[\\w+=,.@-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateBody = "CertificateBody"
            case userName = "UserName"
        }
    }

    public struct UploadSigningCertificateResponse: AWSDecodableShape {
        /// Information about the certificate.
        public let certificate: SigningCertificate

        @inlinable
        public init(certificate: SigningCertificate) {
            self.certificate = certificate
        }

        private enum CodingKeys: String, CodingKey {
            case certificate = "Certificate"
        }
    }

    public struct User: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the IAM User Guide.
        public let arn: String
        /// The date and time, in ISO 8601 date-time format, when the user was created.
        public let createDate: Date
        /// The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an Amazon Web Services website. For a list of Amazon Web Services websites that capture a user's last sign-in time, see the Credential reports topic in the IAM User Guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because:   The user never had a password.   A password exists but has not been used since IAM started tracking this information on October 20, 2014.   A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used. This value is returned only in the GetUser and ListUsers operations.
        public let passwordLastUsed: Date?
        /// The path to the user. For more information about paths, see IAM identifiers in the IAM User Guide. The ARN of the policy used to set the permissions boundary for the user.
        public let path: String
        /// For more information about permissions boundaries, see Permissions boundaries for IAM identities  in the IAM User Guide.
        public let permissionsBoundary: AttachedPermissionsBoundary?
        /// A list of tags that are associated with the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?
        /// The stable and unique string identifying the user. For more information about IDs, see IAM identifiers in the IAM User Guide.
        public let userId: String
        /// The friendly name identifying the user.
        public let userName: String

        @inlinable
        public init(arn: String, createDate: Date, passwordLastUsed: Date? = nil, path: String, permissionsBoundary: AttachedPermissionsBoundary? = nil, tags: [Tag]? = nil, userId: String, userName: String) {
            self.arn = arn
            self.createDate = createDate
            self.passwordLastUsed = passwordLastUsed
            self.path = path
            self.permissionsBoundary = permissionsBoundary
            self.tags = tags
            self.userId = userId
            self.userName = userName
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case createDate = "CreateDate"
            case passwordLastUsed = "PasswordLastUsed"
            case path = "Path"
            case permissionsBoundary = "PermissionsBoundary"
            case tags = "Tags"
            case userId = "UserId"
            case userName = "UserName"
        }
    }

    public struct UserDetail: AWSDecodableShape {
        public let arn: String?
        /// A list of the managed policies attached to the user.
        @OptionalCustomCoding<StandardArrayCoder<AttachedPolicy>>
        public var attachedManagedPolicies: [AttachedPolicy]?
        /// The date and time, in ISO 8601 date-time format, when the user was created.
        public let createDate: Date?
        /// A list of IAM groups that the user is in.
        @OptionalCustomCoding<StandardArrayCoder<String>>
        public var groupList: [String]?
        /// The path to the user. For more information about paths, see IAM identifiers in the IAM User Guide.
        public let path: String?
        /// The ARN of the policy used to set the permissions boundary for the user. For more information about permissions boundaries, see Permissions boundaries for IAM identities  in the IAM User Guide.
        public let permissionsBoundary: AttachedPermissionsBoundary?
        /// A list of tags that are associated with the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?
        /// The stable and unique string identifying the user. For more information about IDs, see IAM identifiers in the IAM User Guide.
        public let userId: String?
        /// The friendly name identifying the user.
        public let userName: String?
        /// A list of the inline policies embedded in the user.
        @OptionalCustomCoding<StandardArrayCoder<PolicyDetail>>
        public var userPolicyList: [PolicyDetail]?

        @inlinable
        public init(arn: String? = nil, attachedManagedPolicies: [AttachedPolicy]? = nil, createDate: Date? = nil, groupList: [String]? = nil, path: String? = nil, permissionsBoundary: AttachedPermissionsBoundary? = nil, tags: [Tag]? = nil, userId: String? = nil, userName: String? = nil, userPolicyList: [PolicyDetail]? = nil) {
            self.arn = arn
            self.attachedManagedPolicies = attachedManagedPolicies
            self.createDate = createDate
            self.groupList = groupList
            self.path = path
            self.permissionsBoundary = permissionsBoundary
            self.tags = tags
            self.userId = userId
            self.userName = userName
            self.userPolicyList = userPolicyList
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case attachedManagedPolicies = "AttachedManagedPolicies"
            case createDate = "CreateDate"
            case groupList = "GroupList"
            case path = "Path"
            case permissionsBoundary = "PermissionsBoundary"
            case tags = "Tags"
            case userId = "UserId"
            case userName = "UserName"
            case userPolicyList = "UserPolicyList"
        }
    }

    public struct VirtualMFADevice: AWSDecodableShape {
        ///  The base32 seed defined as specified in RFC3548. The Base32StringSeed is base32-encoded.
        public let base32StringSeed: AWSBase64Data?
        /// The date and time on which the virtual MFA device was enabled.
        public let enableDate: Date?
        ///  A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String where $virtualMFADeviceName is one of the create call arguments. AccountName is the user name if set (otherwise, the account ID otherwise), and Base32String is the seed in base32 format. The Base32String value is base64-encoded.
        public let qrCodePNG: AWSBase64Data?
        /// The serial number associated with VirtualMFADevice.
        public let serialNumber: String
        /// A list of tags that are attached to the virtual MFA device. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
        @OptionalCustomCoding<StandardArrayCoder<Tag>>
        public var tags: [Tag]?
        /// The IAM user associated with this virtual MFA device.
        public let user: User?

        @inlinable
        public init(base32StringSeed: AWSBase64Data? = nil, enableDate: Date? = nil, qrCodePNG: AWSBase64Data? = nil, serialNumber: String, tags: [Tag]? = nil, user: User? = nil) {
            self.base32StringSeed = base32StringSeed
            self.enableDate = enableDate
            self.qrCodePNG = qrCodePNG
            self.serialNumber = serialNumber
            self.tags = tags
            self.user = user
        }

        private enum CodingKeys: String, CodingKey {
            case base32StringSeed = "Base32StringSeed"
            case enableDate = "EnableDate"
            case qrCodePNG = "QRCodePNG"
            case serialNumber = "SerialNumber"
            case tags = "Tags"
            case user = "User"
        }
    }
}

// MARK: - Errors

/// Error enum for IAM
public struct IAMErrorType: AWSErrorType {
    enum Code: String {
        case accountNotManagementOrDelegatedAdministratorException = "AccountNotManagementOrDelegatedAdministratorException"
        case callerIsNotManagementAccountException = "CallerIsNotManagementAccountException"
        case concurrentModificationException = "ConcurrentModification"
        case credentialReportExpiredException = "ReportExpired"
        case credentialReportNotPresentException = "ReportNotPresent"
        case credentialReportNotReadyException = "ReportInProgress"
        case deleteConflictException = "DeleteConflict"
        case duplicateCertificateException = "DuplicateCertificate"
        case duplicateSSHPublicKeyException = "DuplicateSSHPublicKey"
        case entityAlreadyExistsException = "EntityAlreadyExists"
        case entityTemporarilyUnmodifiableException = "EntityTemporarilyUnmodifiable"
        case invalidAuthenticationCodeException = "InvalidAuthenticationCode"
        case invalidCertificateException = "InvalidCertificate"
        case invalidInputException = "InvalidInput"
        case invalidPublicKeyException = "InvalidPublicKey"
        case invalidUserTypeException = "InvalidUserType"
        case keyPairMismatchException = "KeyPairMismatch"
        case limitExceededException = "LimitExceeded"
        case malformedCertificateException = "MalformedCertificate"
        case malformedPolicyDocumentException = "MalformedPolicyDocument"
        case noSuchEntityException = "NoSuchEntity"
        case openIdIdpCommunicationErrorException = "OpenIdIdpCommunicationError"
        case organizationNotFoundException = "OrganizationNotFoundException"
        case organizationNotInAllFeaturesModeException = "OrganizationNotInAllFeaturesModeException"
        case passwordPolicyViolationException = "PasswordPolicyViolation"
        case policyEvaluationException = "PolicyEvaluation"
        case policyNotAttachableException = "PolicyNotAttachable"
        case reportGenerationLimitExceededException = "ReportGenerationLimitExceeded"
        case serviceAccessNotEnabledException = "ServiceAccessNotEnabledException"
        case serviceFailureException = "ServiceFailure"
        case serviceNotSupportedException = "NotSupportedService"
        case unmodifiableEntityException = "UnmodifiableEntity"
        case unrecognizedPublicKeyEncodingException = "UnrecognizedPublicKeyEncoding"
    }

    private let error: Code
    public let context: AWSErrorContext?

    /// initialize IAM
    public init?(errorCode: String, context: AWSErrorContext) {
        guard let error = Code(rawValue: errorCode) else { return nil }
        self.error = error
        self.context = context
    }

    internal init(_ error: Code) {
        self.error = error
        self.context = nil
    }

    /// return error code string
    public var errorCode: String { self.error.rawValue }

    /// The request was rejected because the account making the request is not the management account or delegated administrator account for centralized root access.
    public static var accountNotManagementOrDelegatedAdministratorException: Self { .init(.accountNotManagementOrDelegatedAdministratorException) }
    /// The request was rejected because the account making the request is not the management account for the organization.
    public static var callerIsNotManagementAccountException: Self { .init(.callerIsNotManagementAccountException) }
    /// The request was rejected because multiple requests to change this object were submitted simultaneously. Wait a few minutes and submit your request again.
    public static var concurrentModificationException: Self { .init(.concurrentModificationException) }
    /// The request was rejected because the most recent credential report has expired. To generate a new credential report, use GenerateCredentialReport. For more information about credential report expiration, see Getting credential reports in the IAM User Guide.
    public static var credentialReportExpiredException: Self { .init(.credentialReportExpiredException) }
    /// The request was rejected because the credential report does not exist. To generate a credential report, use GenerateCredentialReport.
    public static var credentialReportNotPresentException: Self { .init(.credentialReportNotPresentException) }
    /// The request was rejected because the credential report is still being generated.
    public static var credentialReportNotReadyException: Self { .init(.credentialReportNotReadyException) }
    /// The request was rejected because it attempted to delete a resource that has attached subordinate entities. The error message describes these entities.
    public static var deleteConflictException: Self { .init(.deleteConflictException) }
    /// The request was rejected because the same certificate is associated with an IAM user in the account.
    public static var duplicateCertificateException: Self { .init(.duplicateCertificateException) }
    /// The request was rejected because the SSH public key is already associated with the specified IAM user.
    public static var duplicateSSHPublicKeyException: Self { .init(.duplicateSSHPublicKeyException) }
    /// The request was rejected because it attempted to create a resource that already exists.
    public static var entityAlreadyExistsException: Self { .init(.entityAlreadyExistsException) }
    /// The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user name that was deleted and then recreated. The error indicates that the request is likely to succeed if you try again after waiting several minutes. The error message describes the entity.
    public static var entityTemporarilyUnmodifiableException: Self { .init(.entityTemporarilyUnmodifiableException) }
    /// The request was rejected because the authentication code was not recognized. The error message describes the specific error.
    public static var invalidAuthenticationCodeException: Self { .init(.invalidAuthenticationCodeException) }
    /// The request was rejected because the certificate is invalid.
    public static var invalidCertificateException: Self { .init(.invalidCertificateException) }
    /// The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
    public static var invalidInputException: Self { .init(.invalidInputException) }
    /// The request was rejected because the public key is malformed or otherwise invalid.
    public static var invalidPublicKeyException: Self { .init(.invalidPublicKeyException) }
    /// The request was rejected because the type of user for the transaction was incorrect.
    public static var invalidUserTypeException: Self { .init(.invalidUserTypeException) }
    /// The request was rejected because the public key certificate and the private key do not match.
    public static var keyPairMismatchException: Self { .init(.keyPairMismatchException) }
    /// The request was rejected because it attempted to create resources beyond the current Amazon Web Services account limits. The error message describes the limit exceeded.
    public static var limitExceededException: Self { .init(.limitExceededException) }
    /// The request was rejected because the certificate was malformed or expired. The error message describes the specific error.
    public static var malformedCertificateException: Self { .init(.malformedCertificateException) }
    /// The request was rejected because the policy document was malformed. The error message describes the specific error.
    public static var malformedPolicyDocumentException: Self { .init(.malformedPolicyDocumentException) }
    /// The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
    public static var noSuchEntityException: Self { .init(.noSuchEntityException) }
    /// The request failed because IAM cannot connect to the OpenID Connect identity provider URL.
    public static var openIdIdpCommunicationErrorException: Self { .init(.openIdIdpCommunicationErrorException) }
    /// The request was rejected because no organization is associated with your account.
    public static var organizationNotFoundException: Self { .init(.organizationNotFoundException) }
    /// The request was rejected because your organization does not have All features enabled. For more information, see Available feature sets in the Organizations User Guide.
    public static var organizationNotInAllFeaturesModeException: Self { .init(.organizationNotInAllFeaturesModeException) }
    /// The request was rejected because the provided password did not meet the requirements imposed by the account password policy.
    public static var passwordPolicyViolationException: Self { .init(.passwordPolicyViolationException) }
    /// The request failed because a provided policy could not be successfully evaluated. An additional detailed message indicates the source of the failure.
    public static var policyEvaluationException: Self { .init(.policyEvaluationException) }
    /// The request failed because Amazon Web Services service role policies can only be attached to the service-linked role for that service.
    public static var policyNotAttachableException: Self { .init(.policyNotAttachableException) }
    /// The request failed because the maximum number of concurrent requests for this account are already running.
    public static var reportGenerationLimitExceededException: Self { .init(.reportGenerationLimitExceededException) }
    /// The request was rejected because trusted access is not enabled for IAM in Organizations. For details, see IAM and Organizations in the Organizations User Guide.
    public static var serviceAccessNotEnabledException: Self { .init(.serviceAccessNotEnabledException) }
    /// The request processing has failed because of an unknown error, exception or failure.
    public static var serviceFailureException: Self { .init(.serviceFailureException) }
    /// The specified service does not support service-specific credentials.
    public static var serviceNotSupportedException: Self { .init(.serviceNotSupportedException) }
    /// The request was rejected because service-linked roles are protected Amazon Web Services resources. Only the service that depends on the service-linked role can modify or delete the role on your behalf. The error message includes the name of the service that depends on this service-linked role. You must request the change through that service.
    public static var unmodifiableEntityException: Self { .init(.unmodifiableEntityException) }
    /// The request was rejected because the public key encoding format is unsupported or unrecognized.
    public static var unrecognizedPublicKeyEncodingException: Self { .init(.unrecognizedPublicKeyEncodingException) }
}

extension IAMErrorType: Equatable {
    public static func == (lhs: IAMErrorType, rhs: IAMErrorType) -> Bool {
        lhs.error == rhs.error
    }
}

extension IAMErrorType: CustomStringConvertible {
    public var description: String {
        return "\(self.error.rawValue): \(self.message ?? "")"
    }
}
